
This section provides a high-level overview of the risks that should be taken into account when the use of public cloud is being considered. Note that these risk classes are not exclusive to public cloud facilities; rather, they are relevant to all methods of data processing. The well-executed use of public cloud facilities may well reduce some classes of risk, compared to traditional on-premise computing environments.

Risk class: Description

Confidentiality: Data may be subject to loss of confidentiality through breach, through unauthorised access, or through unintended or accidental leakage between environments.

Integrity: Data may be subject to loss of integrity through data loss or unintended manipulation.

Availability: Ensuring that access to your data is available when required. Network connectivity to cloud becomes a critical dependency and there is a risk of introducing a Single Point Of Failure (SPOF). Public cloud cannot be assumed to be permanently available; cloud availability and SLA must match the need.

Impact of breach: We cannot assume there can never be any breach, so we need to consider the impact of any unintended breach (unauthorised disclosure into an uncontrolled, or less-well-controlled than intended, environment).

Public perception: There is some degree of public concern over the use of public cloud given that these are widely available, shared, computing environments.

Lock-in: Flexibility may be impacted (resulting in increased levels of lock-in) by:
  • the adoption of a specific public cloud provider’s unique services
  • the difficulty, in time and/or cost, of migrating large quantities of data to an alternative in the event of future commercial or service changes
  • an architecture that is not sufficiently tailored to a public cloud model

 


Last edited: 8 January 2025 11:38 am