Risk Assessments

 View Only
  • 1.  Microsoft Cloud Hosting versus Internal Hosting

    This message was posted by a user wishing to remain anonymous
    Posted 09-08-2022 08:40 AM
    This message was posted by a user wishing to remain anonymous

    What are the risks between cloud hosting and internal hosting behind our firewall?

    Thanks!


  • 2.  RE: Microsoft Cloud Hosting versus Internal Hosting

    Posted 09-08-2022 08:51 AM

    This is a massive topic - but in general the trade-offs are between the control you have over your own IT environment, and the economy of scale and reputational risk that the cloud host provides.

    In theory a cloud host can provide transparent [zero-downtime] and timely patching of the underlying operating systems and enterprise software layers, as well as providing tighter and more monitored network perimeter around your resources. This is not always the case, and a lot of the calculus depends on the particulars of the system you are evaluating.

    If the breach of the particular system under consideration has low risk to your organization, but breach of other network resources has high risk, you may want to remove that resource from your internal environment so that a security failure of a non-critical resource cannot provide a foothold that could be leveraged for greater access to your environment. 

    Hopefully your IT team or consultants can help you work through the particulars of your configuration and resources. 




  • 3.  RE: Microsoft Cloud Hosting versus Internal Hosting

    Posted 09-08-2022 09:19 AM
    I would also add concentration risk into the mix when looking at risks associated to cloud hosting.  Be sure you are tracking not only your organization's own cloud hosting vendor(s) but also the cloud hosting vendors associated with your vendor panel.  
    For cloud hosting I additionally track the physical location of the associated servers, primary and back-up locations.

    Shelly

    ------------------------------
    Shelly Chase
    AVP Operational Risk
    ------------------------------