ISACA releases cloud computing governance guide

Guide explains how organizations can leverage COBIT to manage their cloud computing environments.

ISACA released a new guide designed to help organizations understand how to implement effective cloud computing...


The guide, IT Control Objectives for Cloud Computing, aims to help readers understand cloud computing and how to build the relevant controls and governance around their cloud environments. It also provides guidance for companies considering cloud services.

Governance becomes more critical than ever for organizations utilizing cloud services, according to the guide from ISACA, a non-profit global organization focused on information systems assurance and security, and enterprise governance. Companies need to implement a cloud computing governance program to effectively manage increasing risk and multiple regulations, and ensure continuity of critical business processes in the cloud, according to ISACA.

In these economic times, executive management is excited about the potential for the cloud to reduce costs and increase the value of IT, but "getting that value is part of a good governance program," said Jeff Spivey, international vice president of ISACA, and president of Security Risk Management Inc., a consulting firm based in Charlotte, N.C. "And making sure when you are getting the value, that you're also managing the risk as opposed to jumping blindly off the cliff and hoping there's water down there," he added.

The cloud computing governance guide outlines how COBIT and other IT governance tools developed by ISACA can help organizations in managing cloud environments. Spivey said COBIT can be applied to a number of different scenarios, including cloud technologies. ISACA is accepting public comment on the latest version, COBIT 5, through July 31.

The ISACA guide is complementary to work from the Cloud Security Alliance by focusing on ISACA's strength in governance, said Spivey, who was a founding member of the CSA.

As the cloud evolves and companies increasingly adopt cloud services, there's still a lot of ambiguity around the topic and a need for guidance, he said.  The ISACA guide can help organizations make sure they have the right controls in place and assist others contemplating the cloud to understand its complexities, he added.

IT Control Objectives for Cloud Computing, the third in ISACA's IT Control Objectives series, is available at The first book in the series focused on Sarbanes-Oxley.

Dig Deeper on Cloud Computing Frameworks and Standards