Cloud computing is growing in popularity and has become a solution for issues that have plagued organizations and overtaxed IT departments for years. In fact, the number of cloud managed service providers is predicted to triple by 2020. While executives are keen to expand into cloud services and make them an integral part of their digital business initiatives, there are concerns.
Specifically, risk executives are eyeing the emerging risks around the chances of unauthorized access to sensitive or restricted information — or the possibility that the cloud provider won’t be able to provide access to information as a result of disruption in their own operations.
Extreme financial and reputational damage has yet to occur as a result of cloud computing failures, but the possibility worries risk executives nevertheless.
Risk executives reported being most concerned about the probability and impact of potential data risks associated with cloud computing
“Despite the advantages, cloud computing comes with an added vulnerability if data is stored incorrectly or if the provider’s own security is compromised,” says Gartner practice leader Matthew Shinkman.
“To mitigate these risks, executives will need to guarantee that their cloud security strategy keeps up with the pace of this growth. Recent regulatory changes, such as GDPR, and growing scrutiny at the board level about cybersecurity mean the risks associated with what has become a standard business practice are on the rise."
Cloud risks are an emerging concern
Every quarter, Gartner surveys senior risk executives at leading organizations to identify the top risks to their company that are new and unforeseen and whose potential for harm or loss is not yet fully known or has yet to rise to an area of significant concern. If a risk appears in four consecutive quarters, it is no longer considered ‘emerging’ so is removed from the risk list.
In the latest Emerging Risks Report and Monitor, the majority of risk executives reported being most concerned about the probability and impact of potential data risks associated with cloud computing.
To properly vet whether cloud computing presents a risk and better inform security decisions, risk executives should be especially alert to the following key risk indicators:
- Rising proportion of data stored in the cloud
- Changes in product offerings or contract terms from cloud provider(s)
- Growing percentage of non-cloud provider third parties with access to data in the cloud
- Unauthorized employee usage of cloud services
The latest report, which surveyed 110 global executives, also found the following emerging risk events to be of the greatest concern to senior risk executives:
- Cybersecurity disclosure. The guidelines for disclosing cyber breaches will soon become more clearly enforced. With organizations compelled to release breach information much more quickly than in the past, it could lead to a greater negative impact on the enterprise.
- General Data Protection Regulation (GDPR). The possibility of a specific compliance breach has become more of a risk since the regulation’s enforcement May 2018 deadline as significant fines can now be imposed.
- AI/robotics skill gaps. Due to the highly technical and specific skill set required for artificial intelligence and robotics, companies may lack the right capabilities to effectively capitalize on the opportunities associated with these technological advances and could become less competitive as a result.
- Global economic slowdown. The risk that a slowdown in the global economy tied to negative or near-zero percent interest rates will negatively impact firm growth.