By Rob Starr, Content Manager, Big4.com
Organisations need to carry out due diligence in terms of business and IT risk management principles before moving to a cloud environment, warns professional services firm PwC.
Charl du Toit, PwC Associate Director, Advisory Department, spoke on the subject at PwC’s 6th Corporate Audit Forum, held in Johannesburg recently. The aim of the Forum was to provide a platform for heads of internal audit, the C-suite (CEOs, CFOs and so forth), audit committee members and company directors to share leading-edge corporate governance practices and develop insightful debate on contemporary issues.
Cloud computing has gained prominence due to the benefits it has to offer. “It needs to be given consideration and placed on the CIO’s board agenda,” says Du Toit. Results from the 2012 Global State of Information Security Survey disclosed that more than 42% of respondents used cloud computing in the form of software as a service, platform as a service or infrastructure as a service. Survey findings also revealed that 32% of respondents perceived the greatest risk to their cloud computing strategy as the inability of cloud service providers to enforce their security policies.
Contractual rights and obligations need to be clearly defined for both the service provider and the user of the cloud. Provision must be made for service continuity, ownership of the intellectual property in respect of the service, the right to carry out an audit, security monitoring and reporting, compliance with service level agreements, and legal jurisdiction issues, particularly for services hosted outside of the country.