ISACA sets six key principles for cloud rollouts

ISACA sets six key principles for cloud rollouts

Body warns on transferring IT decision-making away from technology specialists to business unit leaders

Global information security managers' association ISACA has announced the six key considerations it feels are necessary when rolling out enterprise cloud computing strategies.

ISACA says the growing shift to cloud computing can deliver "significant value" but that most enterprises have little knowledge of the "perils" of transferring IT decision-making away from technology specialists to business unit leaders.

It says eliminating oversight and governance from cloud computing decisions can create "significant risk" to organisations, effectively undermining any benefits of moving to the cloud and, at the same time, potentially creating "serious issues" for organisations.

"Only through proper governance and management can cloud computing achieve its potential for organisations", said ISACA. To help enterprises manage the potential "pressure points" that begin to surface when cloud computing strategies diverge from internally provided IT services or traditional outsourced arrangements, ISACA has issued its "Guiding Principles for Cloud Computing Adoption and Use".

The key principles are:

1. The Enablement Principle: plan for cloud computing as a strategic enabler, rather than as an outsourcing arrangement or technical platform

2. The Cost/Benefit Principle: evaluate the benefits of cloud acquisition based on a full understanding of the costs of cloud compared with the costs of other technology platform business solutions

3. The Enterprise Risk Principle: take an enterprise risk management (ERM) perspective to manage the adoption and use of cloud

4. The Capability Principle: integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution

5. The Accountability Principle: manage accountabilities by clearly defining internal and provider responsibilities

6. The Trust Principle: make trust an essential part of cloud solutions, building trust into all business processes that depend on cloud computing

Ramss Gallego, a member of ISACA's guidance and practices committee, said: "Cloud computing presents a unique opportunity for enterprises, and is particularly a game-changer for small and medium enterprises, because its availability means that technology infrastructure is not the market differentiator it has been in the past.

"These principles will enable enterprises to experience the value that cloud can provide and help ensure that internal and external users can trust cloud solutions."

In other recent cloud management news Intel has introduced its Cloud SSO (single-sign-on) system as an efficient way for enterprises to provision and de-provision users, and authorise applications and services entirely through a cloud-based service. It will compete with the growing number of cloud-based SSO services from security vendors, including Symantec and Symplified.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ACACA TechnologiesIntelISACASymantec

Show Comments