Strategic Intelligence for CFOs, Finance Directors, Controllers and Treasurers in Asia  | 
2013, May 21

Beware the Cloud Behind the Silver Lining

Home > Features > Beware the Cloud Behind the Silver Lining
Features

Beware the Cloud Behind the Silver Lining

by Carol Ko, 16 May 2012
topics:
Risk Management Technology
tags:
enterprise risk management finance and cloud computing
We suggest that the following components of the auditing and compliance standards of cloud computing should be included, but not limited to:
  • data privacy
  • identity and access management
  • data governance and exchange
  • service migration
 
Cloud computing technology is still under development. Currently, the existing standards can only fulfill part of the compliance requirements and no comprehensive cloud-specific standard has been released so far.
 
What are the applicable standards that aid governance and compliance?
While the Statement on Standards for Attestation Engagements 16 (SSAE16), the replacement of SAS70, is the most widely used form of third-party risk evaluation for service providers, other Service Organization Control standards are focusing on the financial reporting processes and controls related to security, compliance, and operations.
 
ISO 27001 is another popular certificate. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System.
 
These standards, which address different risk areas in terms of procedures and technical items, can help meet governance and compliance requirements of cloud computing.
 
However, some other specific industries such as healthcare and government agencies may need additional standards to comply with industrial regulations. Very often, these organizations are required to handle personal information and medical records. As a result, we need special cares in terms of physical/logical security and privacy.
 
As the concept of cloud computing is similar to that of IT outsourcing, some existing standards can cover most areas of cloud computing. However, there is also a need to enhance the existing standards to cover new dimensions, including cross-data jurisdiction and sharing of virtual space, ideas that are introduced by cloud computing.
 
Is it the case of the more standards adopted, the better?
Cloud computing standards are supposed to help an organization apply best practices while adopting the technology. In fact, many IT professionals see the lack of standards as the main barrier for a more timely adoption of the technology.
 
But we do not think having more standards is necessarily better. We see that more standards will translate into higher compliance and management cost. This will deflect from the original purpose of cost saving through adopting a cloud solution.
 
« first‹ previous1234next ›last »


Related articles

Comment on this article

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

Verification Code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.

Accounting and Regulations

CFO innovation Asia Accounting and Regulation the Asia Pacific resource center for senior finance executives, daily news, analysis, best practice and case studies in Accounting Regulation, IFRS, US GAAP, Tax, investor relations, corporate governance, Corporate Law, Financial Regulators, Internal Audit, Audit, Corporate Law.
Auditing, Investor Relations, Law and Compliance, Tax

Finance and Banking

CFO innovation Asia, Finance and Banking the Asia Pacific resource center for senior finance executives, daily news, analysis, best practice and case studies in Corporate Finance, trade finance, treasury and risk management, capital expenditure, Banking, mergers and acquisitions
Cash and Liquidity Management, Corporate Finance, Insurance, Treasury Management

Management

CFO innovation Asia the Asia Pacific resource center for senior finance executives, daily news, analysis, best practice and case studies in Finance Management, Corporate Governance, Human Resource Management, Compensation and Benefits, Mergers and Acquisitions, Professional Development, Corporate Real Estate, Risk Management, Budgeting and Forecasting, Business Process Management, Business Process Reengineering, Outsourcing.
Budgeting and Planning, Business Expense Management, Human Capital Management, Outsourcing and Shared Services, Risk Management

Metrics

Corporates, Financial Services

Technology

CFO innovation Asia Technology the Asia Pacific resource center for senior finance executives, daily news, analysis, best practice and case studies in Finance Systems, Business Intelligence, EPR, Accounting software, CRM, Cloud Computing, Telecommunications, Business Process Outsourcing, Business Process Management Software.
Business Intelligence, Enterprise Software and Systems, Financial Systems, Security