The growing shift to cloud computing can deliver significant value—but most enterprises have little knowledge of the perils of transferring IT decision-making away from technology specialists to business unit leaders. Eliminating oversight and governance from cloud computing decisions can create significant risk to organisations, effectively undermining any benefits of moving to the cloud and, at the same time, potentially creating serious issues for organizations.

 Only through proper governance and management can cloud computing achieve its potential for organizations. To help enterprises manage the potential pressure points that begin to surface when cloud computing strategies diverge from internally provided IT services or traditional outsourced arrangements, global nonprofit IT association ISACA has issued Guiding Principles for Cloud Computing Adoption and Use, a complimentary guide featuring six key cloud computing principles:

1.      The Enablement Principle: Plan for cloud computing as a strategic enabler, rather than as an outsourcing arrangement or technical platform.

2.      The Cost/Benefit Principle:  Evaluate the benefits of cloud acquisition based on a full understanding of the costs of cloud compared with the costs of other technology platform business solutions.

3.      The Enterprise Risk Principle:  Take an enterprise risk management (ERM) perspective to manage the adoption and use of cloud.

4.      The Capability Principle:  Integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution.

5.      The Accountability Principle:  Manage accountabilities by clearly defining internal and provider responsibilities.

6.      The Trust Principle:  Make trust an essential part of cloud solutions, building trust into all business processes that depend on cloud computing.

“Cloud computing presents a unique opportunity for enterprises—and is particularly a game-changer for small and medium enterprises because its availability means that technology infrastructure is not the market differentiator it has been in the past,” said Ramsés Gallego, CISM, CGEIT, member of ISACA’s Guidance and Practices Committee and security strategist and evangelist for Quest Software. “These principles will enable enterprises to experience the value that cloud can provide and help ensure that internal and external users can trust cloud solutions.”

 “It is obvious that organisations consider cloud computing part of the possible IT sourcing solutions. In view of the questions from management and based on the experiences in the real world around cloud computing, ISACA has bundled these into six guiding principles,” said Marc Vael, Ph.D., CISA, CISM, CGEIT, director of ISACA and chair of the Knowledge Board. “These principles help people make a proper business case and assess the current cloud computing arrangements to help ensure nothing is missed. Moreover, these principles are valid for any organisation, independent of size, industry or geography.

“The ultimate goal is to support organisations in their cloud computing endeavors, with a proper eye for the big picture. I strongly recommend anyone involved in cloud computing to use these guiding principles to determine if improvements can still be made in the approach and usage.”

 ISACA’s Guiding Principles for Cloud Computing Adoption and Use is available as a free download at www.isaca.org/cloud-principles. Additional cloud resources, including IT Control Objectives for Cloud Computing, can be found at www.isaca.org/cloud.  

About ISACA

With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

 ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

 Collaborate with ISACA members:  www.isaca.org/knowledge-center

Follow ISACA on Twitter:  https://twitter.com/ISACANews

Join ISACA on LinkedIn:  ISACA (Official)

Like ISACA on Facebook:  www.facebook.com/ISACAHQ

 Contact:

Kristen Kessinger, +1.847.660.5512, This email address is being protected from spambots. You need JavaScript enabled to view it.

Hannah Rafferty, +44 (0) 207 183 2836 This email address is being protected from spambots. You need JavaScript enabled to view it.