The Public Eye with Eric Chabrow

6 Principles for Effective Cloud Computing

ISACA Guide Aims to Minimize Cloud Computing Risks

The cloud, in the long run, should make enterprise computing more efficient and, yes, more secure. In the meantime, those charged with executing their organization's cloud services face a series of tough decisions.

Among the latest experts to offer advice come from ISACA, the professional association focused on IT governance. ISACA counsels that organizations adopting cloud computing should adhere to six principles. Doing so will help enterprises avoid the perils of transferring IT decision making away from technology specialists to business unit leaders.

See Also: How to Take the Complexity Out of Cybersecurity

The six principles - detailed in the recently published ISACA publication Guiding Principles for Cloud Computing Adoption and Use - include enablement, cost/benefit, enterprise risk, capability, accountability and trust. Here's how ISACA defines each of those principles:

  1. Enablement: Plan for cloud computing as a strategic enabler, rather than as an outsourcing arrangement or technical platform.
  2. Cost/benefit: Evaluate the benefits of cloud acquisition based on a full understanding of the costs of cloud compared with the costs of other technology platform business solutions.
  3. Enterprise risk: Take an enterprise risk management perspective to manage the adoption and use of cloud.
  4. Capability: Integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution.
  5. Accountability: Manage accountabilities by clearly defining internal and provider responsibilities.
  6. Trust: Make trust an essential part of cloud solutions, building trust into all business processes that depend on cloud computing.

Ramsés Gallego, the Quest Software security strategist who serves on ISACA's Guidance and Practices Committee, characterizes cloud computing as a game changer, especially for the small and midsize enterprise.

"Its availability means that technology infrastructure is not the market differentiator it has been in the past," Gallego says. "These principles will enable enterprises to experience the value that cloud can provide and help ensure that internal and external users can trust cloud solutions."

Trust is key because many people, including IT security experts, lack confidence in the cloud as a platform that assures security and privacy.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.