Launch of first cloud risk evaluation framework hopes to give businesses a full view of the risks involved

Adoption of cloud computing stifled due to poor risk assessment

Widespread adoption of cloud computing is being hampered by the inability of organisations to fully understand the risks involved, according to Marsh. At the launch of its Cloud Risk Framework, the broker said that organisations must have a greater understanding about the risks involved with cloud computing in order for its implementation to be a success.

Proponents of cloud computing claim that it allows business to obtain faster execution speeds and also reduces maintenance costs since the majority of information is held across a network rather than in a physical data centre.

According to Fredrik Motzfeldt, Leader of Marsh’s Communications, Media and Technology Practice in Europe, the Middle East and Africa (EMEA): “Moving information technology (IT) services to the cloud presents a conundrum to many businesses. Although it promises greater financial efficiency and productivity, the cloud brings an increased dependence upon technology infrastructures housed outside an organisation’s immediate control.”

In light of this, Marsh have developed their Cloud Risk Framework which details a five-stage process that enables organisations to evaluate the risks and the potential financial impact of any change in risk profile involved in a shift to ‘the cloud’.

The framework’s five-stage process includes:

  • Identifying key categories of risk for IT services clients;
  • Categorising potential types of loss and costs typically linked to IT service failure;
  • Quantifying areas of financial impact;
  • Allocating the cost of a risk event between the customer and cloud provider;
  • Determining the likelihood of a risk event occurring.

According to Motzfeldt, it is hoped that the framework will enable businesses to “ navigate the complex issues surrounding cloud use decisions, including security challenges and regulation. With this objective analysis, they can then avoid some of the more subjective and emotional factors that might otherwise affect their judgment.”


StrategRISK will be hosting its Inaugural European Cyber Risk Management Summit 2012 in London on Wednesday 7 November 2012