Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Governance vital for Cloud computing

Effective controls and governance are essential if enterprises are to manage the risks of migrating to the Cloud

Global IT association ISACA has issued a new guide outlining how to implement effective controls and governance for Cloud computing.

According to the guide, titled IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud, when enterprises decide to use Cloud computing for IT services, business processes are impacted and governance becomes critical to:

  • Effectively manage increasing risks
  • Ensure continuity of critical business processes that now extend beyond the data centre
  • Communicate clear enterprise objectives internally and to third parties
  • Adapt effectively
  • Facilitate continuity of IT knowledge, which is essential to sustain and grow the business
  • Handle myriad regulations

However, despite its potential to deliver cost savings, according to a recent survey of ISACA’s Australian membership, less than half (42 per cent) currently utilise Cloud computing strategies in their enterprise. Further, the vast majority (80 per cent) limit it to low-risk, non-mission critical IT services, highlighting the hesitation of businesses to migrate to Cloud.

“Cloud take-up in Australia is relatively slow compared to other countries,” said ISACA international vice-president and Associate Director-General of the Queensland Department of Communities, Tony Hayes.

“Sensitive data, or that which has competitive advantage for organisations, has been retained internally under close scrutiny. Meanwhile, although government agencies are significant investors in IT, to date Cloud computing has been adopted mainly as a concept internal to government.”

ISACA international vice-president and director of information security at RSM Bird Cameron, Jo Stewart-Rattray, added: “While speaking with CIOs in Australia and the US, the mention of Cloud is met in one of two ways — an enormous groan or loud cheer.

"Of course, it will depend on the context of a business whether Cloud offerings suit its needs. If they do, security and governance around such offerings must be in place.”

Stewart-Rattray said due diligence around the proposed service provider and appropriate controls must also be established to ensure the organisation’s most valuable asset, its corporate information, is protected from loss, theft, tampering and loss of jurisdictional control.

According to the guide, to ensure proper governance of Cloud computing, enterprises need to ask some key questions, among them:

  • How are identity and access managed in the Cloud?
  • Where will the enterprise’s data be located?
  • What are the Cloud service provider’s disaster recovery capabilities?
  • How is the security of the enterprise’s data managed?
  • How is the whole system protected from internet threats?
  • How are activities monitored and audited?
  • What type of certification or assurances can the enterprise expect from the provider?

Follow CIO Australia on Twitter: @CIO_Australia

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: ACA, CA Technologies, Hayes, RSM Bird Cameron
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cloud, cloud computing, enterprise, enterprises, ISACA
Latest Blog Posts
Whitepapers
  • Case Study: Svenska Kraftnät safeguards web and ensures communication security with Clearswift
    Energy producers from surrounding countries load power onto the Swedish National Grid’s network, with energy suppliers then paying the Swedish National Grid to load onto their grids for them to sell-on to customers. Using Clearswift’s Email Appliance, and MIMEsweeper for SMTP means that the organisation has safe and resilient email helping them to meet their goal of providing a safe, robust, cost-effective and environmentally sound energy transmission system.
    Learn more »
  • Top Reasons to Implement an SOA Governance Strategy: A List for IT Executives
    Service-oriented architecture (SOA) has moved beyond hype to widespread acceptance as an IT strategy for delivering business value. SOA promotes the notion of modularity, providing overwhelming flexibility and superior economics for addressing business demands. However, undertaking the transformation to SOA is not without its challenges. If left unchecked, your inventory of SOA assets will become unmanageable; the reuse of services will diminish in favor of custom development; or even worse, modifications will be made to your existing services that break other business processes. The purpose of SOA governance is to help you ensure that this does not happen. This paper outlines the most compelling reasons for you to establish SOA governance within your organization.
    Learn more »
  • Business Intelligence Best Practices for Dashboard Design
    Even if a dashboard’s appearance looks professional and is aesthetically pleasing, appearances can be deceiving. Although visual design is important, it is also important to ask yourself: Is the data reliable? Is it timely? Is any data missing? Is it consistent across all dashboards?. This paper offers an overview of best practice business intelligence (BI) dashboard design principles and discusses data integration options for getting data into a dashboard.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments