There is no doubt that cloud computing is enabling businesses to be more competitive and have the relief of continuity should the unexpected happen. Businesses are aware of positive results the technology brings as a result of mobile workforce and allowing employees to connect their own devices to a company network. But without proper IT audit and due diligence, these businesses could vanish as a result of lack of control and proper audit strategies.
According to a Gartner’s Seven Security Issues for Cloud Computing report, when using a cloud service it not easy to know exactly where your data is hosted. The report further states that sensitive data processed outside the business brings with it an inherent level of risk because outsourced services bypass the physical, logical and personnel controls.
In addition to information security issues on the cloud, a Microsoft study shows that globally, 19% of businesses still don’t understand the term “cloud computing”.
Kgabo Ralebepa, IT Audit associate director at SekelaXabiso, believes there is a great opportunity for IT audit executives to educate business leaders about information risks associated with cloud computing and how best to manage those risks.
“It is important for businesses to have proper cloud computing strategy in place that addresses business case for moving information to the cloud, a true understanding of the value they seek to gain by moving to the cloud, what information exactly is being moved to the cloud, who has access to what information, how secure is that information and so on.
“We at SekelaXabiso work closely with our clients to ensure that, should they host or wish to host particular information on the cloud, these issues are proactively addressed and proper measures are put in place. We assist clients manage the business and organisational risks associated with the use information systems and extract value from the investment in IT.”
Cloud computing is a business game-changer that comes with efficiencies and costs savings – it should be embraced. But it is important that businesses establish processes to routinely re-evaluate and monitor information risks associated with this cloud computing. Internal audit teams should also ensure management evaluates these risks and proactively address them. This is essential for success of any business today.