Press Release


 New ISACA Guide Helps Enterprises Solve 13 Cloud Challenges 

Tools Help Ensure Control and Assurance in the Cloud

Rolling Meadows, IL, USA (15 April 2014)—In the past five years, cloud adoption has changed from an idea that met resistance to a solution that is growing exponentially. To help companies find value in this solution—and avoid an information security nightmare from the loss of control over their information—ISACA has issued a new guide that provides practical steps for assurance and control in the cloud.

According to ISACA, the following 13 items often lead to cloud challenges:

  1. Location of data
  2. Commingled data
  3. Security policy/procedure transparency (or lack thereof)
  4. Cloud data ownership
  5. Lock-in with cloud service provider’s proprietary application program interfaces
  6. Record protection for forensic audits
  7. Identity and access management
  8. Screening of other cloud computing clients
  9. Compliance requirements
  10. Data disposal
  11. Portability
  12. Service provider viability
  13. Backup and rollout capabilities

Controls and Assurance in the Cloud: Using COBIT 5 provides tools to handle these challenges and provide effective governance and management of cloud initiatives. The publication provides:

  • Cloud risk scenarios
  • Contractual provisions
  • A cloud governance checklist
  • A practical approach to measuring cloud ROI
  • A cloud computing assurance program
  • A process capability assessment
  • Questions boards of directors need to consider

“Cloud initiatives transform business and need to be treated holistically, including addressing governance, risk management, operational, assurance and security considerations,” said Phil Lageschulte, CGEIT, CPA, partner at KPMG and chair of ISACA’s Guidance and Practices Committee. “This guide looks at all of those areas and helps companies ensure that their cloud initiatives are not only delivering value and meeting business goals—but also managing the new and potentially elevated risks.”

Controls and Assurance in the Cloud is a complete update to ISACA’s earlier IT Control Objectives for Cloud Computing. ISACA members can download the ebook.

Note: At the time of publication, this book was complimentary to ISACA members for an introductory time period. There is now a charge for this item. ISACA members receive six COBIT publications free of charge (a US $210 value), and significant discounts on all other COBIT publications.



With more than 115,000 constituents in 180 countries, ISACA helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.




Kristen Kessinger, +1.847.660.5512

Joanne Duffer, +1.847.660.5564

Rachel Acevedo, +1.847.660.5717