Cloud Auditing – Making Sure That Your Cloud Works Per Your Expectations

Cloud Auditing – Making sure that your cloud works per your expectations

As cloud computing get increasingly complex and finds use in core enterprise applications, it it time to pay more attention to auditing. Auditing ensures that your cloud installations works per your expecations. The auditing could be done either internally by your IT or business teams, or could be done by a third party service. Regardless of who does the audit, it is important to understand the different considerations in cloud auditing.

  1. Regulatory compliance audit

In many industries such as healthcare and finance, there are strong regulations that mandate how the data should be handled, where they should be stored and how the consumer data are protected. Not complying to the regulations might invite hefty fines and/or legal proceedings.

The regulatory compliance audit lists the all regulations that will affect your data and applications, and will check if each of those regulations are met in your cloud setup. For instance, regulations in some industries would prevent the storing of data offshore. In that case you have to make sure that your cloud service provider has domestic datacenters and uses them to handle your data and applications.

  1. Disaster Recovery/Business Continuity (DR/BC) audit

Disaster can strike an enterprise in many forms. There could be natural disasters such as floods, earthquakes, etc. and there could be manmade disasters that could disrupt your installations. It is the role of DR/BC audit to ensure that the IT infrastructure continues to be operational, at least partially, despite the disaster. Mean time to recovery and amount of data recovered are important metrics in this audit.

  1. Security audit

Security should be one of the most essential aspects of any enterprise IT system. Security audit must uncover the various vulnerabilities in your cloud solution. Some of the security issues include unauthorized access, intentionally destroying data and Denial of Service (DoS). The audit should make sure the setup is sufficiently protected against the common type of attacks and has the adequate level of security that satisfies the enterprise requirements. Sufficient attention must be paid to data security issues to protect against any information leakage.

  1. Performance and Reliability audit

One of the biggest considerations to move to the cloud involves around reliability. Reliability audit must make sure that your data is available to the employees and customers 24/7. The cost of downtimes can be very high, in terms of lost employee productivity and loss of goodwill from the customers. The audit should also spell out the SLA requirements and find out if all the providers satisfy those requirements.

Performance audits must identify the various metrics (time to save a document, loading time of the website landing page etc.) and verify if the cloud setup satisfies those metrics. The performance and reliability audits could also make use of stress tests to make sure the stack used is robust under severe load conditions.

  1. ROI and business audit

Migration to cloud computing has to make proper business sense and this audit computes the ROI (Return on Investment) for the cloud infrastructure you have spent your time and money. The audit should arrive at the total cost of the solution (including the retraining costs) and find out if it is cheaper than the alternatives.

Business audit must spell out various business metrics and goals against which the cloud services have to be tested.

By Balaji Viswanathan

Sorry, comments are closed for this post.

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

Cloud Services Providers – Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…