Your responsibility for compliance does not go away just because you don't manage the servers, as reported by Jim Buchanan on www.cio.com. He offers these four points to consider.
1. What is the impact on your IT workload?
2. Standards?
Consider which applications you want to move to the cloud. The standards for cloud computing are not mature yet. A Forrester executive reports that "SAS70 and ISO 27001 are helpful, but they are point-in-time." The Cloud Security Alliance is developing a GRC Standards suite that will help you assess your position.
3. Service Level Agreements
Don't settle for a standard contract. Even small firms can leverage their position as a new industry or regional client to negotiate terms that protect them. Due diligence is key.
4. Security is key
To better understand the risks of moving to the cloud, bring in the Enterprise Risk and IT Security teams up front. These professionals can help assess the risk and contribute to a solution, including the costs of mitigating any new risks.