Latest news
Eliminating oversight and governance from cloud computing decisions can create significant risk to organizations, effectively undermining any benefits of moving to the cloud and, at the same time, potentially creating serious issues for organizations.
Only through proper governance and management can cloud computing achieve its potential for organizations. To help enterprises manage the potential pressure points that begin to surface when cloud computing strategies diverge from internally provided IT services or traditional outsourced arrangements, ISACA outlined six key cloud computing principles:
The enablement principle: Plan for cloud computing as a strategic enabler, rather than as an outsourcing arrangement or technical platform.
The cost/benefit principle: Evaluate the benefits of cloud acquisition based on a full understanding of the costs of cloud compared with the costs of other technology platform business solutions.
The enterprise risk principle: Take an enterprise risk management (ERM) perspective to manage the adoption and use of cloud.
The capability principle: Integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution.
The accountability principle: Manage accountabilities by clearly defining internal and provider responsibilities.
The trust principle: Make trust an essential part of cloud solutions, building trust into all business processes that depend on cloud computing.
“Cloud computing presents a unique opportunity for enterprises—and is particularly a game-changer for small and medium enterprises because its availability means that technology infrastructure is not the market differentiator it has been in the past,” said Ramsés Gallego, CISM, CGEIT, member of ISACA’s Guidance and Practices Committee and security strategist and evangelist for Quest Software. “These principles will enable enterprises to experience the value that cloud can provide and help ensure that internal and external users can trust cloud solutions.”
The complete "Guiding Principles for Cloud Computing Adoption and Use" guide is available here (registration required).
Spotlight
Information security executives need to be strategic thinkers
Posted on 17 June 2013. | George Baker, the Director of Information Security at Exostar, talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, and more.
Large orgs in denial about own security breaches?
Posted on 14 June 2013. | Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had.
Vulnerability scanning with PureCloud
Posted on 12 June 2013. | nCircle PureCloud is a cloud-based network security scanning product built upon the companies' vulnerability and risk management system IP360.
To hack back or not to hack back?
Posted on 12 June 2013. | If you think of cyberspace as a new resource for you and your organization, it makes sense to protect your part of it as best you can. But is it a good idea?
Reactions from the security community to the NSA spying scandal
Posted on 11 June 2013. | Read on for comments on this scandal that Help Net Security received from a variety of security professionals and analysts.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
