Cloud Services: Why using the cloud doesn’t make you ‘Cyber-safe’

Many companies believe that using the "Cloud" transfers all of their cyber risk to the provider - but this is simply not true. Companies have many of the same responsibilities, and even some new liabilities, when using Cloud-based services.

The Shared Responsibility Model

Recent years have seen an increased transfer of business IT systems and services into third-party owned and operated systems "in the Cloud". While Cloud-based systems do help to reduce certain risks and lower total cost of ownership of a system, they can also increase an organisation's risk exposure, whether it's from cyber and data incidents or regulatory risk.

When your business moves a system into the Cloud, what you are transferring is your risk of operating the physical world hardware and some of the underlying infrastructure software and related security. However, your business remains liable for many aspects of the system security and all of the data that you collect, process, store, and disclose in the process. Your business may also have various new legal obligations and risks when using Cloud-based systems.

In practice, this means businesses need to understand the risks associated with using Cloud services and actively identify, minimise and manage these risks by incorporating cyber and privacy as core components of your enterprise risk framework and doing detailed due diligence of all your Cloud Service Providers (CSP).

Understanding the Shared Responsibility Model and your cloud risks

Want to know more? Just click below for James Cole’s full analysis.