Saturday, August 13, 2011

Cloud computing guide to help enterprise increase value and manage risk

ISACA issued a new guide for implementing controls and governance

For all the talk of Cloud computing, the governance issue remains, for many enterprises, the great unknown. Cloud computing inevitably impacts business processes, making governance vital to managing risk and adapting to take advantage of new opportunities.

According to a survey of ISACA’s Australian members, less than half — 42 per cent — currently include Cloud computing strategies within their enterprise. And 80 per cent of these organisations limit Cloud computing to low-risk, non-mission-critical IT services.

Due diligence around the proposed service provider and appropriate controls must also be in place, she said, to ensure corporate information, is protected from loss, theft, tampering and loss of jurisdictional control.

Key questions for Cloud governance

ISACA’s guidance recommends enterprises ask the following key questions:
  • What is the enterprise’s expected availability?
  • How are identity and access managed in the Cloud?
  • Where will the enterprise’s data be located?
  • What are the Cloud service provider’s disaster recovery capabilities?
  • How is the security of the enterprise’s data managed?
  • How is the whole system protected from internet threats?
  • How are activities monitored and audited?
  • What type of certification or assurances can the enterprise expect from the provider?
ISACA will hold its Oceania CACS2011 conference to be held in Brisbane from 18-23 September, which will explore issues such as control, risk management, data loss prevention and assurance for Cloud strategies.

1 comment:

Anonymous said...

The industrial organization ISACA has launched a cloud computing guide to suffice to the needs of millions of users, new to CLOUD!