However, as a security system/network/security administrator for thissmall software company, there are some concerns that will allow cloud computingto not be applied to all areas of this company. Regular checkpoints, securityassessments, and audits should be conducted on a consistent basis and company shouldnot rely only on their vendors to deliver assurances that their business andits every day processes are secure. Outsourcing can help to cut some cost butinvestment in the technology and regular training of its employees within thecompany can also benefit the company over time when it comes to security. Anin-house system will indeed have more upfront costs with the addition of the hardware,but it will cost less each following month and while for the cloud, the monthlycost is nearly close to double even though there may be a small premium. Theup-front costs for an in-house system may sound a little daunting, but thecompany will end up earning back its investment quicker than you would with acloud-based system and it also don’t have to pay a monthly cost for memory,since it will be using existing infrastructure (Job, 2016).
There may also becosts within that monthly fee that may not be included and with the changing needsand goals, additional costs of maintenance, storage and upkeep will have to beconsidered as well. Another concern is that the network administrators would have lesscontrol to the outsourced systems. In case of an attack, the company must rely andwait on the vendor to maintain the current damage, assess any data loss, andthwart off the threat. It is not guaranteed that the vendor can devote the timeexactly when the company needs it to find the necessary solutions and providefuture prevention and it may come at a cost. The company will not have directaccess to the actual hardware or software to mitigate the risk themselves in a timeliermanner. For example, with a denial of service attack in the cloud scenario, itcould result in a gridlock and cause a shutdown of the network or impairservice in such a way that the company is not aware but is still billed for allthe resources consumed during the attack. Also, controls that an internaladministrator may usually impose within a system may not be considered the samewithin the cloud perspective which can allow for employees or hackers to easilyaccess the company’s sensitive data since the services are offered over the Internet.
Lastly, to engage a vendor for cloud services, the company will have to agreeto contracts that can span over years. It maximizes the profits for the vendor,but flexibility is limited in the future if the company wants to find a vendorto better fit their needs or to provide additional support. With these reasons,the overall recommendation is to not implement cloud based services. Inconclusion, with the increasing concern of security within a network, companiesmust evaluate the greater risks they are facing against protecting thesensitive information inside of their network. The incorporation of basicprinciples and protection mechanisms, whether internally or externally, help todefend from external risks and internal threat agents. This paper explored the circumstancesand points of interest for assessing the outsourcing risk through the comparisonof key aspects of the company such as cost, flexibility, technology, andoverall security within the business.