ISACA issued a new guide for implementing controls and governance
According to a survey of ISACA’s Australian members, less than half — 42 per cent — currently include Cloud computing strategies within their enterprise. And 80 per cent of these organisations limit Cloud computing to low-risk, non-mission-critical IT services.
Due diligence around the proposed service provider and appropriate controls must also be in place, she said, to ensure corporate information is protected from loss, theft, tampering and loss of jurisdictional control.
Key questions for Cloud governance
ISACA’s guidance recommends enterprises ask the following key questions:
- What is the enterprise’s expected availability?
- How are identity and access managed in the Cloud?
- Where will the enterprise’s data be located?
- What are the Cloud service provider’s disaster recovery capabilities?
- How is the security of the enterprise’s data managed?
- How is the whole system protected from internet threats?
- How are activities monitored and audited?
- What type of certification or assurances can the enterprise expect from the provider?
ISACA's Oceania CACS2011 conference, to be held in Brisbane from 18-23 September, will explore issues such as control, risk management, data loss prevention and assurance for Cloud strategies.