Maria Baturova and Kai-Uwe Ruhse, CISA, PCI QSA
We would like to share with you some background information about our recent ISACA Journal
article “Cloud Computing: Cloud Computing as an Integral Part of a Modern IT Strategy
”. We had the idea of writing an article about our experience with cloud computing last year. Our intention was to share our main observations within the ISACA expert community. Since most of publications about cloud computing are focused on IT security issues, we decided to describe cloud computing services from the IT strategy perspective.
First of all, we considered cloud computing services neither as a new technology nor a new business model. From the business perspective, the cloud computing services can be considered simply as a modern outsourcing initiative. The case study described in our article is based on our extensive support with the alignment of a new IT strategy of one of our long-standing business clients. Within this initiative, the existing old IT strategy was analyzed, updated and integrated with the other business strategies to ensure proper business IT alignment and to increase IT awareness.
In addition to strategic considerations, risk management and compliance are, in our opinion, the most challenging aspects for current cloud computing projects. There are several security and legal aspects that definitely should be considered within the implementation of cloud computing services. There are also significant service level agreements (SLAs) required to manage the interface between organizations, processes and responsibilities, to ensure control and accountability.
In conclusion, we noticed that IT services considered to be uncomplicated are often outsourced into a cloud as a test for future projects. We would be glad to take in your opinions or counter opinions. So please share your experiences with the strategic alignment of cloud computing services in practice.