Transborder legal requirements and disaster recovery plans among key considerations
Rolling Meadows, IL, USA (20 September 2012)—Cloud computing continues to have a significant impact on the way enterprises operate, and companies are increasingly migrating to the cloud as a result of its value. But security and data privacy concerns are critical issues to consider before adopting cloud-computing services. Security Considerations for Cloud Computing, a new book from global nonprofit IT association ISACA, presents practical guidance for IT and business professionals to help them securely move to the cloud.
The book, available as a complimentary download for ISACA members and at $75 for nonmembers, details how cloud computing will gain importance as both the cloud and cloud-service-provider markets mature. Particularly in times of cost optimization and economic downturn, the cloud can be perceived as a more cost-effective approach to technological support of the enterprise.
Before migrating to the cloud, however, ISACA recommends considering the following factors, which can increase risk:
- Legal transborder requirements—Cloud-service providers are often transborder, and different countries have different legal requirements, especially concerning personal or private information.
- Absence of disaster-recovery plans—The absence of proper backup procedures implies a high risk for any enterprise.
- Physical security of computer resources—Physical computer resources can be shared with other entities in the cloud. If physical access to the cloud-service provider’s infrastructure is granted to one entity, that entity could potentially access information assets of other entities.
- Data disposal—Proper disposal of data is imperative to prevent unauthorized disclosure.
- Cloud provider authenticity—Although communications between the enterprise and the cloud provider can be secured with technical means, it is important to verify the identity of the cloud provider to ensure that it is not an imposter.
Just as cloud computing is about more than just IT infrastructures, platforms and applications, the developers of Security Considerations for Cloud Computing stress that the decision to operate in the cloud should not be made solely by IT organizations. The use of cloud services might entail high risk for the business and should be evaluated by responsible parties from the different control functions within an enterprise.
“Cloud computing can present a number of challenges and risks with respect to security, privacy and trust,” said Yves Le Roux, CISM, principal consultant with CA Technologies and a member of the publication’s development team. “This book gives practical guidance to prospective cloud users on issues that must be addressed by business management and those responsible for ensuring the protection of information and business processes when selecting or implementing a cloud solution.”
Security Considerations for Cloud Computing is designed to enable effective analysis and measurement of risk through a tool kit that contains items such as decision trees and checklists outlining the security factors to be considered when evaluating the cloud as a potential solution.
Additional information is available at www.isaca.org/cloud.
About ISACA’s Cloud Computing Initiative
ISACA has been a pioneer in cloud governance, risk and compliance (GRC). A member of the Cloud Security Alliance, ISACA has published IT Control Objectives for Cloud Computing, a cloud computing audit program and cloud-related white papers; and holds cloud-related education sessions worldwide. Its flagship COBIT 5 framework for the governance and management of IT helps enterprises worldwide with effective governance of cloud initiatives. ISACA members can take advantage of this extensive body of cloud knowledge through the ISACA Knowledge Center Cloud Computing group, which offers expert-led discussions, peer networking, publications, survey data, wikis and online learning.
With more than 100,000 constituents in 180 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
ISACA Knowledge Center: www.isaca.org/knowledge-center
Kristen Kessinger, +1.847.660.5512, email@example.com
Joanne Duffer, +1.847.660.5564, firstname.lastname@example.org