For every positive benefit there is almost always a negative to compensate for rapid adoption based on wild enthusiasm. Cloud computing has a number of key risks. 1) data privacy and governing privacy laws 2) multi-cloud relationships and subcontractors are also an issue when using a cloud provider 3) multi-tenancy on the same virtual server could lead to technical and security breaches.
The overarching risk, however, is loss of control. Unlike processing in an internal environment, customers using the cloud have less ability to control their IT environment, and that means less control across-the-board, including in the event of a security breach.
|IT managed internally||Cloud managed IT|
|Companies have more flexibility to make rapid decisions as their needs change||Managed by arms-length contract and there is less flexibility for rapid change; although anything is possible for $$$$$|
|IT’s sole customer is internal and the company’s interest or stake is paramount||Separate company with its own business plan and risk and as a service provider they come first and not necessarily their clients|
Aside from the first three bullets above, the overarching risk is no different than any typical outsourcing arrangement and can be managed. In the absence of contractual provisions to the contrary, the customer bears the risk of loss, damage, etc., even when it cedes control of all that personal data to the cloud provider. And most cloud providers resist imposition of liability for breaches and other incidents involve sensitive information of employees and customers. So the perceived cost benefits of the cloud described above could be illusory in the long-run, unless care and attention is paid to contract arrangements, right to audit, and just plain basic common sense associated with any outsource arrangement.