Monday, May 14, 2018

Auditors Evaluate Cloud Computing Risks


Cloud computing is reshaping the storage of critical business information, including sensitive personal data of customers and employees. Similar to paper files, the cloud may bring considerable security risks — but risks associated with the cloud might not be readily understood by some business owners and executives.

External auditors have added the evaluation of cloud computing risks to their overview risk assessment. During audit procedures, they’re likely to ask questions about your company’s policies and procedures for storing and accessing data on the cloud. Examples include:

  • What have you done to protect electronically stored data against hackers?
  • Has your staff been trained about cloud computing security, including the dangers of opening phishing emails, sharing passwords and accessing company data in public places, such as coffee shops and airports?
  • Do you have insurance to protect against and respond to cyberattacks or other cloud outages? (This coverage is usually supplemental to your business liability policy.)
  • How often does your cloud computing provider back up the information it’s storing?
  • How will you and your cloud provider respond if data is stolen by a third party, a cloud company employee or one of your employees?
  • What’s your backup plan if the cloud goes down? Do you have a “backup cloud”?
  • How much would a cyberattack or outage cost your company on a per-minute basis?
  • What is your cloud computing vendor’s service-level commitment (typically stated as a percentage of the year)? And how does this commitment translate in terms of potential minutes of downtime for the year?
  • How did the vendor’s service-level commitment compare to your actual downtime for the previous year?
  • Do you have a service-level agreement that documents the availability of your data and the penalties if the data becomes unavailable?
  • Does your company have a policy for transferring (and disposing of) data if you decide to switch cloud computing providers?

It’s a smart business practice to think about these questions before your auditors ask them. If you don’t know one of the answers — or if your answers are lacking — make it a priority to reinforce data security as soon as possible. Securing the cloud should be a proactive process, not a reactive one. Failing to identify potential pitfalls that are inherent in a cloud computing relationship can result in unexpected costs that can far exceed the short-term cost savings of operating on the cloud.

 
