Advancing UK Aerospace, Defence, Security & Space Solutions Worldwide

Features

Managing cloud computing risks

Sarah Hewitt, Director, Major Risks Practice, Gallagher and Craig Mounser, Senior Underwriter, Technology Practice, Travelers Insurance Company, provide insights into cloud computing opportunities and risks.



What is ‘Cloud Computing’?

Providers of cloud computing services ‘rent’ technology infrastructure to companies, as and when they need it. As data grows, and computing and storage needs increase, companies pay cloud providers based on how much service they use, instead of investing in more of their own servers, adding new software or growing their technology workforce.

Advertisement
ODU RT

There are three main service models for cloud computing:
•    IaaS (Infrastructure as a Service) - In the most basic service model, companies can buy access to processing, storage, network and other computing infrastructure.
•    SaaS (Software as a Service) - In this popular model, users access software in a web browser, rather than having to buy and manage their own software.
•    PaaS (Platform as a Service) - The PaaS model is targeted at application developers. Cloud providers offer web-based platforms – along with a range of tools – that allow developers to develop and test applications.

What are the key exposures involved in cloud computing?

When you sign up with a cloud computing provider, you are turning over some of your functions and/or data to people who do not work for you yet your legal obligations, whatever they may be, do not all go away simply because you have contracted out services.

Risk 1: Lack of access
Perhaps the biggest risk is that you are placing your data, operational processes or technological capability in the hands of others. If something happens to the cloud provider’s equipment or the business suddenly closes its doors, how will you continue to operate?
Risk 2: Security as a low priority
Many cloud providers do not see security as a key component of their business model. The way that some companies often end up contracting for cloud services adds to the risk. Rather than a uniform, high-level decision made by corporate leaders with appropriate scrutiny of all issues, in many companies end users arrange their own cloud computing use.
Risk 3: 'Take it or leave it' contracts
Cloud computing service agreements are often pro-vendor and may lack adequate protection for cloud users. If you seek modifications of the cloud provider’s contract, you may be told to 'take it or leave it'. Nonetheless, contracts should always be reviewed and assessed for exposure to risks.
Risk 4: Legal compliance
Contracting for computer cloud services does not transfer the primary obligation for compliance from your company to the cloud providers. Ultimately, you are responsible for your company’s legal obligations, whether to customers or regulators. Your risk can be managed contractually but your legal obligations are not all eliminated or transferred.

How can you manage these risks?
One way to mitigate risk is to implement the same level of due diligence that you would in making any other contracting decision.
1.    Make sure that the right people – such as technology experts, risk managers and lawyers – in your organisation are assessing the risk, evaluating the cloud provider’s services, and mitigating exposures through contractual provisions, including use of indemnity and transferring liability.
2.    Decide within your organisation what data to send to the cloud, what data should be maintained in-house, and how to back up and archive all data for disaster recovery planning purposes and regulatory compliance.
3.    Make sure once your contract is in place that someone actively manages it, monitoring performance and requiring compliance with contract provisions, including service level agreements.
4.    Work closely with your broker and insurer to understand your insurance coverage. Cyber risk policies typically protect you from the cost of losses that your customers incur because of technology problems you encounter, such as transmission of viruses, denial of service or disclosure of private information.
5.    Well-documented compliance.

Advertisement
SPX Comms

In conclusion, as the economies of scale continue to grow, it is likely costs will fall and reliability and security standards will improve making cloud computing ever more attractive to a wider range of business models and the growth trend in the take up of cloud computing will continue for the foreseeable future.

 

Advertisement
L3Harris LB May IAMD L3Harris LB May IAMD
Delivering advanced UK air mobility by 2030

Features

Delivering advanced UK air mobility by 2030

1 June 2024

Jeff Hoyle, Executive Vice President of Global Aero, Space and Defence and Managing Director UK and North America, Expleo, considers whether there is time enough to build an advanced air mobility sector in the UK by 2030.

Bringing innovation to life

Features

Bringing innovation to life

10 May 2024

Paul Adams, Director and aerospace and defence sector specialist at management consultancy Vendigital, defines the risks and challenges involved in taking innovative aerospace and defence products to market.

The rise of low-carbon aircraft

Features

The rise of low-carbon aircraft

24 April 2024

Stephen Gifford, Chief Economist at the Faraday Institution, examines the potential of three technologies being developed for future low-carbon aviation.

Prioritising sovereign capability

Features

Prioritising sovereign capability

17 April 2024

Martin Rowse, Campaign Director, Airbus Defence and Space, looks at why reinforcing the UK's security requires the prioritisation of sovereign capability across the country's defence and space sectors.

Advertisement
SPX Comms
Insider threats: the risks employees can pose

Features

Insider threats: the risks employees can pose

8 April 2024

With insider threats on the increase, Noah Price, G4S Academy International Director, explains the risks and threats employees can pose to your organisation and how to prevent them.

Securing environmental licensing and sustainable data for spaceport operations

Features

Securing environmental licensing and sustainable data for spaceport operations

2 April 2024

Ruth Fain, head of advisory for ITPEnergised, who has worked with SaxaVord Spaceport, launch operators, local authorities and the CAA on environmental consent for UK spaceflight activities, outlines recommendations for future-proofing ongoing data collection for space operator activities in the UK.

Advertisement
Marshall RT 2