Part of Health and social care Cloud Risk Framework
Risk classes
This section provides a high-level overview of the risks that should be taken into account when the use of public cloud is being considered. Note that these risk classes are not exclusive to public cloud facilities; rather, they are relevant to all methods of data processing. The well-executed use of public cloud facilities may well reduce some classes of risk, compared to traditional on-premise computing environments.
Risk class | Description |
---|---|
Confidentiality | Data may be subject to loss of confidentiality through breach, through unauthorised access, or through unintended or accidental leakage between environments. |
Integrity | Data may be subject to loss of integrity through data loss or unintended manipulation. |
Availability | Ensuring that access to your data is available when required. Network connectivity to cloud becomes a critical dependency and there is a risk of introducing a Single Point Of Failure (SPOF). Public cloud cannot be assumed to be permanently available; cloud availability and SLA must match the need. |
Impact of breach | We cannot assume there can never be any breach, so we need to consider the impact of any unintended breach (unauthorised disclosure into an uncontrolled, or less-well-controlled than intended, environment). |
Public perception | There is some degree of public concern over the use of public cloud, given that public cloud facilities are widely available, shared computing environments. |
Lock-in | Flexibility may be impacted (resulting in increased levels of lock-in) by: |
Last edited: 8 January 2025 11:38 am