Cloud Risks & Risks Management

2/2/22, 5:21 PM Third Party Outsourcing Issues

https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/third-party-outsourcing-issues.html?ou=622270 1/3

Learning Topic

Third Party Outsourcing Issues A third party is a resource provider between the organization and its customers. Cloud

services make up today's third-party outsourcing solutions, and there is a strong business

case for their use. Organizations benefit by reduced equipment and personnel costs, more

flexibility in customizable services offered, predictable cash flows, and increased security.

Virtualized redundant services are scalable on demand and resilient to hardware

component outages.

Some problematic issues for government customers are unpredictable data location,

shared services, and cloud provider certification. More generally, since processing, storage

and administration are not location-specific, jurisdictional legal issues are common.

The Federal Risk and Authorization Management Program (FedRAMP) significantly

mitigates risk while containing costs for federal agencies by arranging for commercial

cloud providers who compete in the federal marketplace. Authorized cloud providers must

offer a strictly standardized set of security controls and binding memoranda of agreement

(MOA). Secure private, public and hybrid cloud options are available through tailoring.

Third-party outsourcing, using FedRAMP or non-FedRAMP providers, reduces security

requirements, but the organization is still responsible for any residual risk. Just as with in-

sourced IT, organizations should contain risk in their dynamic environments by

implementing continuous monitoring auditing controls and user training.

Software as a Service (SaaS) and Infrastructure as a Service (IaaS)

(https://leocontent.umgc.edu/content/dam/course-

content/tgs/cca/cca-

610/document/SoftwareasaServiceSaaSandInfrastructureasaServic

eIaaS_checked.pdf?ou=622270)

Resources

2/2/22, 5:21 PM Third Party Outsourcing Issues

https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/third-party-outsourcing-issues.html?ou=622270 2/3

Choose the best answer to each question:

Question 1

Which of the following is a disadvantage of third-party (cloud)

outsourcing to organizations?

Cloud costs cannot be controlled.

Data storage location is too unpredictable.

Data storage location is too predictable.

By definition, data cloud storage is shared among cloud users.

Question 2

Risks in third-party outsourcing (cloud use) include _______.

potential data integrity loss in public clouds

third-party administrators may not be adequately cleared

cloud providers keep their security policies private

all of these choices

Question 3

The Federal Risk and Authorization Management Program (FedRAMP)

significantly mitigates risk for federal agencies using cloud services, while

containing costs, by producing authorized commercial cloud providers

who compete in the federal marketplace.

True

Check Your Knowledge

2/2/22, 5:21 PM Third Party Outsourcing Issues

https://leocontent.umgc.edu/content/scor/uncurated/cca/2218-cca610/learning-topic-list/third-party-outsourcing-issues.html?ou=622270 3/3

False

Question 4

Authorized cloud providers must offer a strictly standardized set of

security controls but do not have to be binding to a memorandum of

agreement (MOA).

True

False

Question 5

A third party is a resource provider between the organization and its

customers.

True

False

© 2022 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity

of information located at external sites.