The Global Epidemic which has shifted gears for the elusive Remote Working as a mandate thus Cloud.

To ensure that Cloud Governance concerns are met, IT has three critical requirements to fulfil:-

• Maintaining security across the cloud environment

• Demonstrating compliance with required laws and regulations

• Controlling and tracking expenditure along

In sync with CSA/Cloud Security Alliance standards following domains in a sequential yet integral overlap of Governance & Operations for Cloud need to be comprehensively articulated as well championed (listed respectively):-

GOVERNING

Governance & Risk Mgmt.         Legal Issue: Contracts & e-Discovery

Compliance & Audit Mgmt.        Info Mgmt. & Data Security

Interoperability & Portability

OPERATING

Traditional Security & BCP-DRP            Data Centre Ops           Incident Response

Encryption & Key Mgmt.                        Application Security       Virtualization

Identity & Access Mgmt.

A CISO/DPPO specifically & collaboratively has to be instrumental; indirectly or directly; in all of these.

S(he) may have independent accountability or has to work in tandem with other department(s) because

• More than necessary information is exposed to internal users

• Confidential data is accessible to external users or simply outsiders

• Organization digital assets are personally used

• Compliance to regulatory standards/requirements is mandated

• Organizational data in Cloud must not be visible to third part entities

Author: GRC Monk

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment