CIOs are not conducting cloud computing risk assessments

CIOs are not conducting cloud computing risk assessments

BIA Business Impact AnalysisCloud OutsourcingA new survey by Protiviti has found that cyber security tops chief information officers’ concerns, with 84 percent of CIOs stating that they are either concerned or very concerned about the risks associated with IT security breaches.

Yet while security issues remain the biggest concern that CIOs have about migrating their technology functions to the cloud, less than half (45 percent) test cloud vendors’ security systems and procedures.

The UK director of risk consultancy Protiviti said: “These statistics indicate that either there is an inherent trust in cloud service providers, or there is a lack of visibility of potential risks associated with using them. However, there is also a potential risk that CIOs are not always involved in the overall business making decision to procure cloud services – limiting their ability to carry out effective due diligence before these services are adopted.

“Since an increasing percentage of IT security breaches involve third parties, gaining assurance from cloud providers is critical to managing information security risk. Whilst companies may migrate IT towards cloud providers in an attempt to reduce costs, they cannot outsource their information security risks. Unless adequately managed, the cost of security breaches – either regulatory and or legal – may outweigh the perceived benefits of moving into the cloud.”

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at the UCLA's Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.