Thoughts on Entering Into Cloud Engagements

Much has been written, including by me, about the risks (and benefits) of cloud engagements.  I think a step back maybe in order – perhaps even two steps back.  That is, I think it is far too easy to lose the forest for the trees in considering the cost-benefit of a proposed cloud engagement.

Recently, the Federal Financial Institutions Examination Council (FFIEC) issued a guidance for financial institutions regarding cloud engagements (  While directed at businesses in the financial services industry, the guidance provides some very sound advice that every business should consider.  Specifically, the FFIEC’s primary point was:  treat cloud engagements as you would any other outsourced technology engagement.  While that seems overly simple, consider that many businesses do not take that approach.  Rather, in considering a cloud engagement, many businesses start with the premise that they have to expect far less protection than they would receive in a traditional technology transaction.  That is very unfortunate, but highlights the current state of cloud contracting.

I suggest every business start their cost/benefit analysis of a potential cloud engagement by asking the same questions and expecting the same level of protection that it would in a traditional locally hosted transaction or any other form of comparable outsourcing engagement.  Setting expectations low at the outset shouldn’t be the de facto approach to cloud contracts. 

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Healthcare records for sale on Dark Web