The global epidemic has shifted gears: the elusive remote working is now a mandate, and with it the cloud.
To ensure that cloud governance concerns are met, IT has three critical requirements to fulfil:
• Maintaining security across the cloud environment
• Demonstrating compliance with required laws and regulations
• Controlling and tracking expenditure along
In line with Cloud Security Alliance (CSA) standards, the following domains, which overlap sequentially yet integrally across Governance and Operations for the cloud, need to be comprehensively articulated as well as championed (listed respectively):
GOVERNING
• Governance & Risk Mgmt.
• Legal Issue: Contracts & e-Discovery
• Compliance & Audit Mgmt.
• Info Mgmt. & Data Security
• Interoperability & Portability
OPERATING
• Traditional Security & BCP-DRP
• Data Centre Ops
• Incident Response
• Encryption & Key Mgmt.
• Application Security
• Virtualization
• Identity & Access Mgmt.
A CISO/DPPO, specifically and collaboratively, has to be instrumental, directly or indirectly, in all of these.
S(he) may have independent accountability or may have to work in tandem with other department(s), because:
• More than necessary information is exposed to internal users
• Confidential data is accessible to external users or simply outsiders
• Organizational digital assets are used for personal purposes
• Compliance with regulatory standards/requirements is mandated
• Organizational data in the cloud must not be visible to third-party entities
Aptly said. To the point and succinct.. just like aerial view in HD!!