Risk points of cloud computing applications

(1) Technical risks

Technical risks associated with cloud computing include capacity planning failures, insecure or incomplete data deletion and multi-tenancy and hypervisor vulnerabilities. Whether financial institutions use traditional data center arrangements or cloud services, capacity planning (to deal with potential resource exhaustion) is always necessary. Because cloud providers can store data across multiple facilities—if the data of a financial institution is not encrypted, there is a risk that confidential data may be leaked. Cloud services rely on virtualization, which means that if there are vulnerabilities in the virtual monitor, it may lead to system failure or network attack. In response to such technical vulnerability, existing cloud service providers have developed corresponding software and hardware to reduce the vulnerability of virtual machine monitors to network attacks.

(2) Operational risk

The adoption of cloud computing will also expose financial institutions to operational risks, such as the "lock-in" risk, that is, the risk of financial institutions relying too much on specific service providers. However, financial institutions can address lock-in risks by operating across multiple cloud providers and using open-source technologies, so that they can move data and utilize services across different environments. In addition, financial institutions' reliance on only a few dominant cloud providers may lead to risks at the level of the entire financial industry. If cloud computing becomes a part of the core infrastructure of the financial system, the industry-level risks brought about by the concentration of cloud providers will be more worrying.