Public sector IT association Socitm has pointed to a number of risks as part of its new guide to using cloud services.
It has highlighted potential problems within its report on what public sector CIOs and their suppliers need to know in applying the services.
It says that outsourcing workload to the cloud does not outsource responsibility for risk, and that CIOs need to ensure that supplier monitoring and security reporting is in place.
Socitm points to five common risks in cloud usage, including that there are more cloud apps in use than known about previously, often in ‘shadow IT’ – devices and applications used by staff while unknown to IT teams.
Others are: an increased dependency on internet connectivity and capacity; that there is no clear data ownership in many apps; sometimes the use of data is not understood or tracked, which has implications for compliance with the General Data Protection Regulation; and there is no guarantee that data is deleted when the service ends.
These require a CIO to focus on the control of data and technical environments along with wider risks such as the huge growth in home working, the report says.
It addresses details of several other issues, including building the business case for cloud, technical considerations, choosing a service partner, where cloud fits in service integration and management, and defining data requirements.
Socitm associate director and report author Jos Creese said: “There are challenges, some of which are particularly relevant to the public sector, for example where protecting vulnerable people and specialist services can make cloud adoption more challenging, so this report offers practical guidance to support that journey.”
Image from iStock
