Among the latest experts to offer advice come from ISACA, the professional association focused on IT governance. ISACA counsels that organizations adopting cloud computing should adhere to six principles. Doing so will help enterprises avoid the perils of transferring IT decision making away from technology specialists to business unit leaders.
See Also: The Future of IAM: Enterprise
The six principles - detailed in the recently published ISACA publication Guiding Principles for Cloud Computing Adoption and Use - include enablement, cost/benefit, enterprise risk, capability, accountability and trust. Here's how ISACA defines each of those principles:
- Enablement: Plan for cloud computing as a strategic enabler, rather than as an outsourcing arrangement or technical platform.
- Cost/benefit: Evaluate the benefits of cloud acquisition based on a full understanding of the costs of cloud compared with the costs of other technology platform business solutions.
- Enterprise risk: Take an enterprise risk management perspective to manage the adoption and use of cloud.
- Capability: Integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution.
- Accountability: Manage accountabilities by clearly defining internal and provider responsibilities.
- Trust: Make trust an essential part of cloud solutions, building trust into all business processes that depend on cloud computing.
The cloud's availability means the technology infrastructure is not the market differentiator it has been in the past.
RamsÃ©s Gallego, the Quest Software security strategist who serves on ISACA's Guidance and Practices Committee, characterizes cloud computing as a game changer, especially for the small and midsize enterprise.
"Its availability means that technology infrastructure is not the market differentiator it has been in the past," Gallego says. "These principles will enable enterprises to experience the value that cloud can provide and help ensure that internal and external users can trust cloud solutions."
Trust is key because many people, including IT security experts, lack confidence in the cloud as a platform that assures security and privacy.