Risk Management Considerations in Cloud Computing Adoption

Abstract

Information and Communication Technology (ICT) plays a pivotal role in enabling organizational capability and productivity, and in initiating and facilitating innovation across all industry sectors. In recent years, cloud computing has emerged as a growing trend because it serves as an enabler of scalable, flexible and powerful computing. Consequently, each year significant global investment is made in migrating to the cloud environment. However, despite its growing popularity, several risks and security concerns surround the cloud computing model. Therefore, understanding an organization’s readiness and ability to mitigate associated risks is critical prior to embarking on the cloud computing journey. One approach to determining an organization’s ability to effectively migrate to the cloud is to determine the current maturity of both its cloud computing capabilities and its risk management capabilities. As such, the Cloud Computing tool and the Risk Management (RM) Critical Capability of the IT Capability Maturity Framework (IT-CMF) are proposed as effective maturity assessment instruments to enable organizations to establish future roadmaps that will improve their maturity with respect to their cloud computing readiness. Increasing the level of maturity improves organizational practices surrounding the identification and mitigation of risks/threats that pertain to the cloud environment