Lots of people focus on the shared nature of cloud computing. There are other risks, some are really simple.
Contractual Issues
– like what happens when you are late on payment, or your credit card transaction gets bounced. You might think that taking your website down isn’t correct. You could find out you lose everything, running servers, backups, everything, gone.
– What if there is an argument about over internet usage. Perhaps the cloud supplier invoices you like 10x the normal invoice. You perhaps have little evidence about what happened. Perhaps it was an attack that you say the supplier should be responsible for. If you dispute it, will they just cut you off ?
I found this great article on net-security.org. It talks about the more obvious risks:
1. ID management and Access Control – who is authorized to do what and when.
2. Regulatory requirements – Basel II, SOX, PCI, SAS70
3. Data handling processes – where is the company’s data located? And how is it managed?
4. Staff management – when someone leaves, comes on board or changes roles, what happens?
Are you relying too much on service level agreements?
One of the strategies I suggest clients implement, is a secondary cloud provider. Not necessarily for technical outages, but other sort of issues, like contractual.