Governance, Risk, and Compliance (GRC) are critical enterprise issues that need to guide IT strategy and infrastructure decisions, such as a transition to the cloud.
“The abstractions that cloud deployments offer can strain the GRC tasks of any enterprise that hasn’t developed mature controls. In theory, a cloud deployment shouldn’t be different from any new platform rollout. Practice, though, can be truly different, as both auditors and cloud providers can offer challenges. The first step that any organization should take is to look internally at how the users of any application expect to use cloud resources. Some uses can be low risk and make for good first steps. Organizations should also talk to their auditors. That will help them to sort out concerns in advance of platform selection and prepare for provider discussions. Cloud deployments can meet GRC requirements when reasonable controls are implemented, but it has to be part of a complete approach. Enterprises can look to organizations such as the Cloud Security Alliance and traditional security associations like ISACA for guidance and perspective.”
Thanks to Liz McMillan and Cloud Computing Journal