ISACA is a professional organization that issues guidelines that individuals and businesses can use to improve their IT governance. Formerly known as the Information Systems and Audit Control Association, ISACA now only uses the acronym as its official name. The organization recently released a new publication entitled Guiding Principles for Cloud Computing Adoption and Use. The intent of the publication is to assist businesses and other organizations to leverage cloud computing as part of their strategies for effectively using IT to accomplish their business objectives.
Ramsés Gallego, who sits on the Guidance and Practices Committee at ISACA, summarized the publication as a set of principles that will help businesses "to experience the value that cloud can provide and help ensure that internal and external users can trust cloud solutions."
Among the guidelines published were the following key recommendations.
1. Do a cost benefit analysis
Such an analysis should evaluate the full cost of cloud computing, not merely the start up expenses. In a managed services environment, the full cost may be folded into the period subscription fee, but organizations that establish their own cloud environments will need to consider hardware infrastructure costs in addition to maintenance costs.
2. Perform risk management
To manage the adoption and implementation of cloud IT solutions effectively, businesses should look at them from a risk management point of view, proactively anticipating difficulties in advance in order to minimize risks.
3. Clarify accountability
It is important in a managed services model for the provider and the company to have clearly delineated roles that specify the areas of accountability for which each is responsible.