Cloud Computing and the Enterprise Risk Management: Opportunities and Risks (Part 1/3)

by: Amir R. Saghafi Lasemi CISRCP, CRCMP, CSOE, MMgt
Governance, Risk, and Compliance (GRC) Consultant

The swift and all-encompassing advancement of information technologies has benefited the realm of risk management with many substantial benefits while introducing noteworthy challenges in the meantime. Whereas the development and application of these technologies have helped streamlining and optimizing governance, risk and compliance (GRC) initiatives and related efforts across various organizations of size, industry and location, yet such have also led to the emergence of operational complications with prospective influence on the entire risk archetype of the enterprise. Of notable importance have been the introduction of the cloud computing to the business and enterprise landscape. By transcending beyond IT operations, the tangible benefits of cloud computing are indeed very broad in reach with potential to affect every strategic and functional aspect of the business.

By considering the cloud computing as being more than merely a disruptive technology, the following series of articles aim to provide a brief overview of the benefits and challenges associated with embracing this technology to create a more optimized enterprise risk management architecture. Branded as both a strategy and tool, cloud computing bears significant potentials to transform the organization’s existing share of the IT infrastructure into a more contributive, risk-based component of theEnterprise Risk Management framework.

Cloud Computing & the Business Landscape
Through its ensuing course of evolution, cloud computing has managed to profoundly alter the landscape of technology and business. By enabling its adopters to better harness and integrate other emerging technologies such as social media, mobility, big data and advanced analytics (Figure A), cloud computing has set stage to be reckoned with as one of the fastest growing emerging technologies yet to be embraced. The latest market studies foresee that more than 50% of all information technology (IT) and related business and management applications will be in the cloud domain within the next ten years, reaffirming the technology’s comprehensive reach across the enterprise and its rapid growth.

Figure A- Five Reasons Businesses Use CloudSources: CDW, IBM Center for Applied Insights

Within the context, cloud computing may be delivered and deployed in different models, providing greater levels of service elasticity to scale such based on the organizational needs while enabling metered service to match the cost of resources to the actual needs or usage only. In terms of delivery, cloud services may be offered in the following models:

  1. Cloud-based applications or Software-as-a-Service (SaaS): In this model, applications are hosted by the vendor on the cloud and becomes available to customers over a network, typically the Internet.
  2. Platform-as-a-Service (PaaS): Unlike the SaaS, PaaS provides a computing platform, a solution stack or a development package to customers over a network, typically the Internet.
  3. Infrastructure-as-a-Service (IaaS): Unlike the SaaS and PaaS models discussed above, vendors utilize IaaS to render computers, either physical or virtual machines, to customers over a network, typically the Internet.

In terms of deployment, cloud services may be offered in the following categories may be offered in the following models:

  1. Public Cloud: A distribution model in which the cloud service infrastructure is owned and operated by the vendor to offer resources and services to variety of customers.
  2. Private Cloud: A distribution model in which the cloud service infrastructure is owned and operated by a single company (dedicated) to control the means of virtualizing resources and automating services, applications and processes customized and used by various lines of business and constituent groups.
  3. Hybrid Cloud: A distribution model that strategically utilizes the private cloud platform with the use of services offered via the public cloud. The hybrid model cohesively attracts these models together by standardized or proprietary technology that enables data and application portability.


Cloud Computing &Enterprise Risk Management Optimization
The beneficial role of the cloud computing in the enterprise risk management architecture may best be perceived through the optimization of the organizational governance, risk and compliance (GRC) activities. Cloud computing can reduce the overall degree of complexity involved with most on-premises, physical computing and information storage operations by simplifying data center operations, enhancing resource utilization and providing alternative backup and disaster recovery tools that otherwise may not be available under one single technological platform. Consequently, specific GRC solutions that play critical roles in organizational Enterprise Risk Management activities can be offered and accessed globally based on specific needs of the organization while maintaining the much needed scalability and security to maintain a competitive edge.

By deploying appropriate cloud computing solutions, Computer and storage resources become rather instantly available on demand. Cloud computing terminates the need to lease brick-and-mortar hardware, physical facilities or employ and train more on-site human resources to ensure compliance. By keeping the costs down, the right adoption plan can make GRC a unified, transparent and global effort on the part of the organizations to maintain compliance and manage risks while remain strategically competitive and economically sustainable. When planned, deployed and managed appropriately, cloud computing “empowers” organizations to adopt viable Enterprise Risk Management architectures and best practices by rationalizing and/or re-engineering GRC business processes, specialization of resources, enhancement of information and data management as well as the reduction of potential and existing impediments associated with legacy IT investments.