SM-01 150 150 CloudGovCo
  • Breaches of information privacy and security of personal data.
  • Data being transferred to legal jurisdictions that do not provide adequate data protection.
  • Mismatch between the organization’s legal, statutory, regulatory or contractual requirements and the cloud service provider’s policies, procedures, and operating environment.
  • Capability to access data over public internet increases susceptibility of data to loss, theft, and misuse if breached.
  • Cloud service provider or its subcontractors using the organization’s data for its own purposes without the organization’s knowledge or permission.
  • The organization losing control of the data and data processing when data is managed by a third party off premise.
  • The organization losing control of the data due to data removal after cloud invoices are unpaid over 90 days.
  • The organization or its trusted third party (e.g. auditor) being unable to properly monitor the cloud service provider.
  • Limited flexibility to change the functionality to the cloud services to meet the organization’s business requirements, as providers position their services in the form of commodities.
  • Contracts may be unbalanced with vendors having little willingness to negotiate contracts, thereby providing the organization little in terms of service and compensation.
  • Continuity of services at the end of the Cloud Services Agreement term, where the customer may be ‘locked in’ to continue to use the incumbent due to technical or organizational dependencies.