Cloud Computing Guidelines From The Information Systems Audit And Control Association

Cloud Computing Guidelines From The Information Systems Audit And Control Association

Among the slew of guidelines on cloud computing floating around, the recent one published by industry body Information Systems Audit and Control Association (ISACA) has a lot of credibility. Established in 1965, the association has a long history of delivering guidance to its huge membership (more than 95,000 across 190 chapters in 75 countries) of Information Systems professionals and is well positioned to offer advice on the dynamic paradigm of cloud computing.

The whitepaper “Guiding Principles for Cloud Computing Adoption and Use”, available for free download on the ISACA site, offers readers a definition of Cloud Computing (see: Coining the Cloud: An Assessment of Cloud Computing’s Shifty Definition) and broad directions for adoption. According to ISACA, it “describes the nature of cloud computing and areas of pressure that, when not addressed, can increase risk to the enterprise. It also presents six principles for cloud computing adoption and use that can guide management toward more effective cloud implementation and use, reduction of pressure points, and mitigation of potential risk.”

The “guiding principles for adopting and using the cloud,” as mentioned in the paper, are:

1. Enablement

ISACA asks companies to “plan for cloud computing as a strategic enabler rather than as an outsourcing arrangement or a technical platform.” They are warned that “viewing it as a replacement for internal technology solutions limits the ability of enterprises to think broadly about how it can support the strategic direction of the enterprise.”

2. Cost benefit

Companies are advised to “evaluate the benefits of cloud acquisition based on a full understanding of the cost of cloud compared with other technology platform business solutions.” Also, cloud adopters are reminded that “the full cost of acquiring and deploying cloud infrastructures, platforms or software services is more than what is represented within the cloud contract and SLA.” Thus, ISACA asks enterprises to conduct a thorough cost–benefit analysis that includes things beyond the obvious.

3. Enterprise risk

Companies are advised to take a “larger picture” view, an “enterprise risk management perspective” in the matter. Rather than treat different risks – issues related to compliance and, in particular, privacy regulations and the export of personal information; and legal issues involving SLAs – as independent, they should be considered in combination.

4. Capability

Companies are asked to “integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution.” Thus, companies are asked not to abandon in-house talent and assets altogether but to combine them with those provided by cloud vendors for optimum benefit.

5. Accountability

Companies should “manage accountabilities by clearly defining internal and provider responsibilities.” According to ISACA, “adopting cloud solutions may break connections among people, technology, the processes that enable technology use, and the enforcement of individual and group accountabilities and responsibilities.” Hence, proper mechanisms should be put in place to address this.

6. Trust

The paper advises that cloud users should “make trust an essential element of cloud solutions, building trust into all business processes that depend on cloud computing.” It says that “Trust is an essential requirement for business applications of technology for internal and external users” and “results from the combined effect of organizational structure, culture, technical architectures, processes and the human factors that facilitate the deployment and use of technology in support of business functions.” 

Through this paper, ISACA has provided useful, big-picture suggestions that can help cloud adopters and users nip potential problems in the bud, while maximizing the benefits of going on the cloud. With the strength of peer review backing these assertions, it is great advice to be had for free.

By Sourya Biswas


Sourya Biswas is a former risk analyst who has worked with several financial organizations of international repute, besides being a freelance journalist with several articles published online. After 6 years of work, he has decided to pursue further studies at the University of Notre Dame, where he has completed his MBA. He holds a Bachelors in Engineering from the Indian Institute of Information Technology. He is also a member of high-IQ organizations Mensa and Triple Nine Society and has been a prolific writer to CloudTweaks over the years...

Sorry, comments are closed for this post.

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future of Work: What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at…

PaaS And IaaS: Rising Champions Of Cloud Computing

PaaS And IaaS: Rising Champions Of Cloud Computing

PaaS and IaaS: Rising Champions of Cloud Computing In the cloud conversation, Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) appear much less than the famed Software as a Service (SaaS). This is not surprising when you consider that a world already populated with built platforms and infrastructure has but to operate…

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,…

Cloud Infographic – Cloud Fast Facts

Cloud Infographic – Cloud Fast Facts

Cloud Infographic – Cloud Fast Facts It’s no secret that Cloud Computing is more than just a buzz term as that ship has sailed off a long time ago. More and more companies are adopting the uses and benefits of cloud computing while aggressively factoring cloud services spending into their budget. Included is an excellent…

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts souryaSourya Biswas is a former risk analyst…



Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100

Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.


CloudTweaks Media
Phone: 1 (212) 763-0021