Auditing the Cloud

Given the coverage that Cloud technology is getting, it is important to consider how to approach an audit of a Cloud service or infrastructure. Many see this as one of the top focus points for IT Audit in 2011.

At its heart, I believe this should follow a method similar to auditing outsourcing relationships (depending on the nature of the Cloud service, of course). There are a couple of good reference points on the Web to help get started:

http://www.cloudsecurityalliance.org/topthreats.html – The CSA is a great place to start researching Cloud technologies and threats

http://cloudaudit.org/ – Relatively new volunteer-based resource to address auditing, assurance and assertion for Cloud providers and consumers

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1524267,00.html – Recent article on TechTarget discussing Cloud Computing and Financial Services

It is important to know the concepts and terminology right from the start. As an IT Auditor you may need to explain to the business the implications of using external Cloud services. Most are immediately concerned about having their business information stored offsite in an ‘intangible’ cloud. The audit program will need to pull together various other programs, such as 3rd party management, infrastructure reviews, information security, and regulatory and compliance implications.
