Cloud Computing Benefits and Risks Detailed in New ISACA Guidance
Back Published 2009-12-03
Rolling Meadows, Ill. — Dec. 3
Cloud computing is rapidly becoming a business information technology (IT) buzzword, but there is still much debate on what exactly it is and how it benefits enterprises. A new white paper from ISACA, a nonprofit association of 86,000 global information technology professionals, clearly describes how enterprises can achieve greater efficiencies and mitigate new risks associated with cloud computing. The white paper, "Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives," is available as a free download from www.isaca.org/cloud.
Cloud computing offers enterprises the ability to reduce IT infrastructure costs through a model of paying for service on demand. This requires less upfront capital expenditure and allows businesses to benefit from the ability to efficiently ramp up and power down based on current needs, as well as the flexibility to introduce new IT services.
“One way of describing cloud computing is to compare it to a utility,” said Jeff Spivey, trustee for the IT Governance Institute, which is affiliated with ISACA, and director of Security Risk Management, Inc. “In the same way businesses pay for the amount of electricity, gas and water that they use, there is now the ability to pay for IT services based on how much is consumed.”
As with any new advancement, though, there are many facets to consider.
“The benefits of cloud computing are tremendous, but it also creates new risks and security concerns,” added Spivey. “Through cloud computing, IT services can be contracted through an external provider, so new governance and control approaches are needed to ensure flexibility, resilience and security.”
According to the white paper, in addition to the financial savings involved with cloud computing, one of this model’s strengths is for enterprises to streamline processes and increase innovation. This can translate into more reliable backup, more satisfied customers, increased scalability and possibly even higher margins.
While the risks associated with cloud computing may be similar to business IT risks already addressed, enterprises may need to adjust their policies and procedures to focus on the new dynamic environment. The white paper also delivers effective strategies for mitigating risks and addressing assurance issues related to cloud computing.
“The cloud represents a major change in the way computing resources will be utilized,” said Spivey. “By addressing many of these issues in advance, and with the involvement of a broad range of stakeholders, enterprises can gain significant advantage with appropriate control.”
In recognition of new risks around this emergent technology, ISACA has become an affiliate of the Cloud Security Alliance, which collaborated on this paper and will be involved in joint projects with ISACA in the future (www.cloudsecurityalliance.org).