Continuous oversight key to managing cloud risks


By Dylan Bushell-Embling
Monday, 20 May, 2019


Continuous oversight key to managing cloud risks

Continuous oversight in the cloud is essential to identifying and managing cloud risks, and can be achieved by taking an organised approach, according to IT governance association ISACA.

A new white paper from ISACA and SecurityScorecard has identified best practices and strategies for achieving continuous oversight capabilities.

Achieving continuous oversight in the cloud requires implementing continuous internal monitoring, cloud assurance and supply chain management capabilities, according to the white paper. Another element involves continuous improvement of cloud services' security, privacy and compliance activities.

These capabilities can be used to identify cloud risks to help anticipate incidents, prevent breaches and avoid potential costs.

Continuous cloud oversight can also be used to provide senior leaders with information needed to make cost-effective risk management decisions, and to support responsibility and accountability for risk management and cloud controls.

The white paper recommends that organisations maintain a continuous cloud service assurance and oversight program that incorporates tasks including identifying business and governance drivers and strategies, aligning with enterprise policies and raising executive awareness of the importance of IT to the enterprise.

Monitoring should be adopted based on predefined metrics that can include the number of cloud services using strong encryption, the number of cloud services offering any level of access to sensitive or mission-critical data and the number of cloud services reporting security incidents, privacy breaches and non-compliance issues.

Image credit: ©stock.adobe.com/au/cybrain

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

Private AI models: redefining data privacy and customisation

Private AI signifies a critical step forward towards a more secure, personalised and efficient...

Why having an observability strategy is critical for effective AI adoption

As organisations continue to adopt AI and put it to work in a variety of innovative ways, many...

What you need to know to build a winning AI strategy

For organisations that have yet to start investing in AI solutions, it's not too late to use...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd