New ISACA Guide Facilitates Secure Migration to the Cloud
Transborder legal requirements and disaster recovery plans among key considerations
Wellington, New Zealand (21 September 2012) – Cloud computing continues to have a significant impact on the way enterprises operate, and companies are increasingly migrating to the cloud as a result of its value. But security and data privacy concerns are critical issues to consider before adopting cloud-computing services. Security Considerations for Cloud Computing, a new book from global nonprofit IT association ISACA, presents practical guidance for IT and business professionals to help them securely move to the cloud.
The book, available as a complimentary download for ISACA members and at $75 for nonmembers, details how cloud computing will gain importance as both the cloud and cloud-service-provider markets mature. Particularly in times of cost optimisation and economic downturn, the cloud can be perceived as a more cost-effective approach to technological support of the enterprise.
Before migrating to the cloud, however, ISACA recommends considering the following factors, which can increase risk:
• Legal transborder requirements—Cloud-service providers are often transborder, and different countries have different legal requirements, especially concerning personal or private information.
• Absence of disaster-recovery plans—The absence of proper backup procedures implies a high risk for any enterprise.
• Physical security of computer resources—Physical computer resources can be shared with other entities in the cloud. If physical access to the cloud-service provider’s infrastructure is granted to one entity, that entity could potentially access information assets of other entities.
• Data disposal—Proper disposal of data is imperative to prevent unauthorized disclosure.
• Cloud provider authenticity—Although communications between the enterprise and the cloud provider can be secured with technical means, it is important to verify the identity of the cloud provider to ensure that it is not an imposter.
Just as cloud computing is about more than just IT infrastructures, platforms and applications, the developers of Security Considerations for Cloud Computing stress that the decision to operate in the cloud should not be made solely by IT organisations. The use of cloud services might entail high risk for the business and should be evaluated by responsible parties from the different control functions within an enterprise.
“Cloud computing can present a number of challenges and risks with respect to security, privacy and trust,” said Yves Le Roux, CISM, principal consultant with CA Technologies and a member of the publication’s development team. “This book gives practical guidance to prospective cloud users on issues that must be addressed by business management and those responsible for ensuring the protection of information and business processes when selecting or implementing a cloud solution.”
Security Considerations for Cloud Computing is designed to enable effective analysis and measurement of risk through a tool kit that contains items such as decision trees and checklists outlining the security factors to be considered when evaluating the cloud as a potential solution.
Additional information is available at www.isaca.org/cloud.
About ISACA’s Cloud Computing Initiative
ISACA has been a pioneer in cloud governance, risk and compliance (GRC). A member of the Cloud Security Alliance, ISACA has published IT Control Objectives for Cloud Computing, a cloud computing audit program and cloud-related white papers; and holds cloud-related education sessions worldwide. Its flagship COBIT 5 framework for the governance and management of IT helps enterprises worldwide with effective governance of cloud initiatives. ISACA members can take advantage of this extensive body of cloud knowledge through the ISACA Knowledge Center Cloud Computing group, which offers expert-led discussions, peer networking, publications, survey data, wikis and online learning.
ISACA
With more than 100,000 constituents in 180 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT® framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Twitter: https://twitter.com/ISACANews
LinkedIn: http://linkd.in/ISACAOfficial
Facebook: www.facebook.com/ISACAHQ
ISACA Knowledge Center: www.isaca.org/knowledge–center
Franziska Kaestner
Consultant
ENDS