Cloud Computing Guidelines From The Information Systems Audit And Control Association

Cloud Computing Guidelines From The Information Systems Audit And Control Association

Among the slew of guidelines on cloud computing floating around, the recent one published by industry body Information Systems Audit and Control Association (ISACA) has a lot of credibility. Established in 1965, the association has a long history of delivering guidance to its huge membership (more than 95,000 across 190 chapters in 75 countries) of Information Systems professionals and is well positioned to offer advice on the dynamic paradigm of cloud computing.

The whitepaper “Guiding Principles for Cloud Computing Adoption and Use”, available for free download on the ISACA site, offers readers a definition of Cloud Computing (see: Coining the Cloud: An Assessment of Cloud Computing’s Shifty Definition) and broad directions for adoption. According to ISACA, it “describes the nature of cloud computing and areas of pressure that, when not addressed, can increase risk to the enterprise. It also presents six principles for cloud computing adoption and use that can guide management toward more effective cloud implementation and use, reduction of pressure points, and mitigation of potential risk.”

The “guiding principles for adopting and using the cloud,” as mentioned in the paper, are:

1. Enablement

ISACA asks companies to “plan for cloud computing as a strategic enabler rather than as an outsourcing arrangement or a technical platform.” They are warned that “viewing it as a replacement for internal technology solutions limits the ability of enterprises to think broadly about how it can support the strategic direction of the enterprise.”

2. Cost benefit

Companies are advised to “evaluate the benefits of cloud acquisition based on a full understanding of the cost of cloud compared with other technology platform business solutions.” Also, cloud adopters are reminded that “the full cost of acquiring and deploying cloud infrastructures, platforms or software services is more than what is represented within the cloud contract and SLA.” Thus, ISACA asks enterprises to conduct a thorough cost–benefit analysis that includes things beyond the obvious.

3. Enterprise risk

Companies are advised to take a “larger picture” view, an “enterprise risk management perspective” in the matter. Rather than treat different risks – issues related to compliance and, in particular, privacy regulations and the export of personal information; and legal issues involving SLAs – as independent, they should be considered in combination.

4. Capability

Companies are asked to “integrate the full extent of capabilities that cloud providers offer with internal resources to provide a comprehensive technical support and delivery solution.” Thus, companies are asked not to abandon in-house talent and assets altogether but to combine them with those provided by cloud vendors for optimum benefit.

5. Accountability

Companies should “manage accountabilities by clearly defining internal and provider responsibilities.” According to ISACA, “adopting cloud solutions may break connections among people, technology, the processes that enable technology use, and the enforcement of individual and group accountabilities and responsibilities.” Hence, proper mechanisms should be put in place to address this.

6. Trust

The paper advises that cloud users should “make trust an essential element of cloud solutions, building trust into all business processes that depend on cloud computing.” It says that “Trust is an essential requirement for business applications of technology for internal and external users” and “results from the combined effect of organizational structure, culture, technical architectures, processes and the human factors that facilitate the deployment and use of technology in support of business functions.” 

Through this paper, ISACA has provided useful, big-picture suggestions that can help cloud adopters and users nip potential problems in the bud, while maximizing the benefits of going on the cloud. With the strength of peer review backing these assertions, it is great advice to be had for free.

By Sourya Biswas


Sourya Biswas is a former risk analyst who has worked with several financial organizations of international repute, besides being a freelance journalist with several articles published online. After 6 years of work, he has decided to pursue further studies at the University of Notre Dame, where he has completed his MBA. He holds a Bachelors in Engineering from the Indian Institute of Information Technology. He is also a member of high-IQ organizations Mensa and Triple Nine Society and has been a prolific writer to CloudTweaks over the years...

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...


Top Viral Impact

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.


Top Research Assets

HP OpenStack® Technology Breaking the Enterprise Barrier

HP OpenStack® Technology Breaking the Enterprise Barrier

Explore how cloud computing is a solution to the problems facing data centers today and highlights the cutting-edge technology (including OpenStack cloud computing) that HP is bringing to the current stage. If you are a CTO, data center administrator, systems architect, or an IT professional looking for an enterprise-grade, hybrid delivery cloud computing solution that’s open,

Public Cloud Flexibility, Private Cloud Security

Public Cloud Flexibility, Private Cloud Security

Public Cloud Flexibility, Private Cloud Security Cloud applications are a priority for every business – the technology is flexible, easy-to-use, and offers compelling economic benefits to the enterprise. The challenge is that cloud applications increase the potential for corporate data to leak, raising compliance and security concerns for IT. A primary security concern facing organizations moving

Hewlett-Packard Company On-Demand Webinar

Hewlett-Packard Company On-Demand Webinar

Shifting Workloads and the Server Evolution Learn more about the latest industry trends and the challenges customers are talking about. Every ten to fifteen years, the types of workloads servers host swiftly shift. This happened with the first single-mission mainframes and today, as disruptive technologies appear in the form of big data, cloud, mobility and