Showing posts with label risk. Show all posts

Thursday, October 3, 2013

Shutdown in the Cloud!

Recently there have been a few shutdowns of cloud services with short notice periods, which have forced customers to scurry for cover, and in some cases customers have been caught in a bind.
Shutdown in the cloud becomes an eventuality when companies cannot scale in the cloud and remain profitable: they get choked for cash and suffer slowly, and then die within weeks once they are choked of funds.
How we handle shutdowns in the cloud will be the next domain for risk management in the cloud.
At first glance it looks straightforward, and it appears we can apply the same matrix as we would to technology vendors, but this may not be the right approach.
There are various dimensions of risk to consider, and constant monitoring of the health of vendors is essential in the fast-changing landscape of technology vendors, which is pitted with risk and unexpected twists and turns.
Why only cloud computing? We seem to forget how Tandem and Digital were snapped up by Compaq in months when they were tottering, and, more recently, Blackberry. Constant vigil is required on the technology readiness of the vendors, their financial liquidity and the ability of the leadership team.
No one would have predicted that the investors in Microsoft would want Bill Gates out along with Steve Ballmer, who is stepping down as the CEO.

Make sure your vendor can stay afloat in the cloud! (Photo courtesy Amitav Thamba)

Hence singling out the cloud service provider for unexpected shutdown is not fair; rather, a more mature approach is needed in managing and preparing for shutdowns in the cloud.
For one, there must be a contingency plan, and for sure you must have all your data backed up with a second independent vendor to contain the risk of losing your digital assets. Regular assessment of the vendor's financial and operational health and review of the leadership team is essential.
Does shutdown in the cloud mean we go back to the old ways of computing? It is doubtful that we can replicate the benefits of the cloud by running our own data centers, and we may also be hampered in finding adequate talent to keep the lights on.
So the best approach will be to embrace the cloud, but with eyes wide open, with risk management skills, and as a team in cloud adoption.
I am sure more will be written on managing shutdowns in the cloud and how to prepare for them. Let us wait for the pundits to give us the nuts and bolts; until then, let us use our expertise and maturity in managing our cloud vendors.

Saturday, July 6, 2013

Compliance alone will not Secure the Bank

Banks scurry to meet compliance requirements; many have a team of professionals whose job is to meet compliance requirements and also convince the auditors that the Bank is Compliant.
A lot of energy is expended on ensuring SOX, ISO 27K+++ and Basel compliance, the regulators' long list of compliance requirements which banks need to comply with.
Let us focus on security. Many banks have an annual audit and some of them may have a bi-annual audit.
Audits cost time and money, and financial risk management is more demanding than information security. The thinking goes: technology is secure, we have a firewall and antivirus, and anyway it is not a board item in many banks.

Banks need to be able to Crow about their Security 
In the old days information security in banks was bracketed under operational risk, but as banks rely more on technology, information risk management has come into its own and banks appoint a CSO, CISO, GRC team, etc. Many banks follow a prudent policy of separating IT risk management from the IT department and keeping it under the risk management department, which is a good practice.
But few banks consider investing in tools and resources that can perform continuous information audit on their information systems. In a fast-changing world where banks are held to ransom by organized crime, it is time that banks realized that compliance alone will not secure the bank.
It is time for banks to invest in SIEM tools, continuous audit and control tools, and a team to manage the presence of the bank in a hostile cyber world.
Banks that make the investment in securing themselves in a digital world will survive into the next decade, while others may perish.