Cloud computing continues to have a significant impact on the way enterprises operate, and companies are increasingly migrating to the cloud as a result of its value. But security and data privacy concerns are critical issues to consider before adopting cloud-computing services. Security Considerations for Cloud Computing, a new book from global nonprofit IT association ISACA, presents practical guidance for IT and business professionals to help them securely move to the cloud. 

The book, available as a complimentary download for ISACA members and at $75 for nonmembers, details how cloud computing will gain importance as both the cloud and cloud-service-provider markets mature. Particularly in times of cost optimization and economic downturn, the cloud can be perceived as a more cost-effective approach to technological support of the enterprise.

Before migrating to the cloud however, ISACA recommends considering the following factors, which can increase risk:

·         Transborder legal requirements—Cloud-service providers are often transborder, and different countries have different legal requirements, especially concerning personal or private information.

·         Absence of disaster-recovery plans—The absence of proper backup procedures implies a high risk for any enterprise.

·         Physical security of computer resources—Physical computer resources can be shared with other entities in the cloud. If physical access to the cloud-service provider’s infrastructure is granted to one entity, that entity could potentially access information assets of other entities.

·         Data disposal—Proper disposal of data is imperative to prevent unauthorized disclosure.

·         Cloud provider authenticity—Although communications between the enterprise and the cloud provider can be secured with technical means, it is important to verify the identity of the cloud provider to ensure that it is not an imposter.

Just as cloud computing is about more than just IT infrastructures, platforms and applications, the developers of Security Considerations for Cloud Computing stress that the decision to operate in the cloud should not be made solely by IT organizations. The use of cloud services might entail high risk for the business and should be evaluated by responsible parties from the different control functions within an enterprise.

“Cloud computing can present a number of challenges and risks with respect to security, privacy and trust,” said Yves Le Roux, CISM, principal consultant with CA Technologies and a member of the publication’s development team. “This book gives practical guidance to prospective cloud users on issues that must be addressed by business management and those responsible for ensuring the protection of information and business processes when selecting or implementing a cloud solution.”

Security Considerations for Cloud Computing is designed to enable effective analysis and measurement of risk through a tool kit that contains items such as decision trees and checklists outlining the security factors to be considered when evaluating the cloud as a potential solution.

Additional information is available at www.isaca.org/cloud