Continuous oversight key to managing cloud risks

By Dylan Bushell-Embling
Monday, 20 May, 2019

Continuous oversight key to managing cloud risks

Continuous oversight in the cloud is essential to identifying and managing cloud risks, and can be achieved by taking an organised approach, according to IT governance association ISACA.

A new white paper from ISACA and SecurityScorecard has identified best practices and strategies for achieving continuous oversight capabilities.

Achieving continuous oversight in the cloud requires implementing continuous internal monitoring, cloud assurance and supply chain management capabilities, according to the white paper. Another element involves continuous improvement of cloud services' security, privacy and compliance activities.

These capabilities can be used to identify cloud risks to help anticipate incidents, prevent breaches and avoid potential costs.

Continuous cloud oversight can also be used to provide senior leaders with information needed to make cost-effective risk management decisions, and to support responsibility and accountability for risk management and cloud controls.

The white paper recommends that organisations maintain a continuous cloud service assurance and oversight program that incorporates tasks including identifying business and governance drivers and strategies, aligning with enterprise policies and raising executive awareness of the importance of IT to the enterprise.

Monitoring should be adopted based on predefined metrics that can include the number of cloud services using strong encryption, the number of cloud services offering any level of access to sensitive or mission-critical data and the number of cloud services reporting security incidents, privacy breaches and non-compliance issues.

Image credit: ©

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

From cloud to the edge: the why and how behind the shift

The shift to edge computing can bring improved decision-making, increased speed and decreased...

DTA invites sellers to new Cloud Marketplace

The Digital Transformation Agency has launched a request for tenders for all sellers of cloud...

ACSC shutters cloud certification program

The ASD will no longer assess cloud providers' capacity to securely hold Protected government...

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd