The Public Eye

 

Keeping tabs on federal government efforts to protect citizens' privacy

6 Principles for Effective Cloud Computing ISACA Guide Aims to Minimize Cloud Computing Risks

Among the latest experts to offer advice come from ISACA, the professional association focused on IT governance. ISACA counsels that organizations adopting cloud computing should adhere to six principles. Doing so will help enterprises avoid the perils of transferring IT decision making away from technology specialists to business unit leaders.

The six principles - detailed in the recently published ISACA publication Guiding Principles for Cloud Computing Adoption and Use - include enablement, cost/benefit, enterprise risk, capability, accountability and trust. Here's how ISACA defines each of those principles:

  1. Enablement: Plan for cloud computing as a strategic enabler, rather than as an outsourcing arrangement or technical platform.
  2. Cost/benefit: Evaluate the benefits of cloud acquisition based on a full understanding of the costs of cloud compared with the costs of other technology platform business solutions.
  3. Enterprise risk: Take an enterprise risk management perspective to manage the adoption and use of cloud.
  4. Capability: Integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution.
  5. Accountability: Manage accountabilities by clearly defining internal and provider responsibilities.
  6. Trust: Make trust an essential part of cloud solutions, building trust into all business processes that depend on cloud computing.
The cloud's availability means the technology infrastructure is not the market differentiator it has been in the past. 

Ramsés Gallego, the Quest Software security strategist who serves on ISACA's Guidance and Practices Committee, characterizes cloud computing as a game changer, especially for the small and midsize enterprise.

"Its availability means that technology infrastructure is not the market differentiator it has been in the past," Gallego says. "These principles will enable enterprises to experience the value that cloud can provide and help ensure that internal and external users can trust cloud solutions."

Trust is key because many people, including IT security experts, lack confidence in the cloud as a platform that assures security and privacy.



About the Author

Eric Chabrow

Eric Chabrow

Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow, who oversees ISMG's GovInfoSecurity and InfoRiskToday, is a veteran multimedia journalist who has covered information technology, government and business. He's the former top editor at the award-winning business journal CIO Insight and a long-time editor and writer at InformationWeek.




Around the Network