Last week's outage of Amazon's Elastic Compute Cloud took down services such as Netflix, Pinterest and Instagram, as well as numerous other services and customers. Gartner Inc. predicts that cloud computing will be a $140 billion industry by 2014, and as many enterprises and businesses look at cloud computing as a viable option, it is becoming increasingly critical for CIOs and C-level executives to rethink their existing approaches to governance, risk, and compliance.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has released a June 20, 2012 report on how companies can best handle Enterprise Risk Management for Cloud Computing. The report, titled “Enterprise Risk Management for Cloud Computing,” is the latest in a series of COSO papers providing organizations and ERM (Enterprise Risk Management) practitioners with guidance on effective risk management.
Among the potential areas of risk associated with cloud computing cited by the paper are business model disruption, risks arising from relationships with cloud service providers, lack of cloud service provider transparency, reliability and performance issues, risk of being locked in to a cloud vendor by proprietary tools, and security and compliance issues. Other potential risk areas include cyber attacks, risk of data leakage and cloud service provider viability.
Today, trends around cloud, big data, BYOD and many more are entering the enterprise, where effective GRC (Governance, Risk and Compliance) is becoming critical and a requirement for many industries and stakeholders.
CIOs and C-level executives need to jointly drive highly effective Governance, Risk and Compliance programs with a focus on:
- IT and Business stakeholders at the table
- Make the G of GRC strategic
- Identify emerging compliance risks
- Improve cross-functional design and delivery of training and communication across key stakeholders
- Improve third-party Risk Management and Oversight
- Develop Metrics that meaningfully measure and demonstrate program effectiveness
- Integrate compliance into ERM and GRC efforts
Effective CIOs are also employing tools and technologies to harvest the organization's knowledge, improve communication, share critical information, and facilitate coordination among IT GRC stakeholders.
The full COSO report can be obtained directly from: www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf