Continuous oversight key to managing cloud risks
Continuous oversight in the cloud is essential to identifying and managing cloud risks, and can be achieved by taking an organised approach, according to IT governance association ISACA.
A new white paper from ISACA and SecurityScorecard has identified best practices and strategies for achieving continuous oversight capabilities.
Achieving continuous oversight in the cloud requires implementing continuous internal monitoring, cloud assurance and supply chain management capabilities, according to the white paper. Another element involves continuous improvement of cloud services' security, privacy and compliance activities.
These capabilities can be used to identify cloud risks to help anticipate incidents, prevent breaches and avoid potential costs.
Continuous cloud oversight can also be used to provide senior leaders with information needed to make cost-effective risk management decisions, and to support responsibility and accountability for risk management and cloud controls.
The white paper recommends that organisations maintain a continuous cloud service assurance and oversight program that incorporates tasks including identifying business and governance drivers and strategies, aligning with enterprise policies and raising executive awareness of the importance of IT to the enterprise.
Monitoring should be adopted based on predefined metrics that can include the number of cloud services using strong encryption, the number of cloud services offering any level of access to sensitive or mission-critical data and the number of cloud services reporting security incidents, privacy breaches and non-compliance issues.
The shift to edge computing can bring improved decision-making, increased speed and decreased...
The Digital Transformation Agency has launched a request for tenders for all sellers of cloud...
The ASD will no longer assess cloud providers' capacity to securely hold Protected government...