Technology News

latest updates from easySERVICE™

Cloud Computing Governance – Senior Management’s Roles and Responsibilities

A strong cloud risk management program to govern cloud activities requires senior management to take on additional responsibilities. The following describes the assignment of key cloud responsibilities:

Board of Directors


  • Be aware of cloud computing trends and understand management’s perspective on the impact of cloud to the industry and its business model
  • Be aware and have oversight of transformative IT projects such as cloud services
  • Understand how management is balancing risks with the benefits of cloud as part of its business and technology strategy
  • Leverage internal audit resources for assurance that cloud initiatives are in alignment with the organization’s risk appetite and controls philosophy

Chief Executive Officer


  • Define the organization’s point of view and policies regarding outsourcing
  • Understand the impact cloud computing is having on the organization’s industry
  • Be aware of where and how the organization is using cloud computing

Chief Financial Officer


  • Provide new disclosures regarding cloud usage in financial reporting
  • Evaluate and monitor the total cost of ownership and return on investment with cloud computing
  • Evaluate tax and accounting benefits of cloud computing versus alternatives
  • Implement policies and controls over procurement of cloud services
  • Monitor the financial health of each third-party cloud service provider (CSP)

Chief Legal Officer


  • Ensure that the organization’s cloud activities comply with laws and regulations
  • Monitor for new laws and regulations that would impact the organization’s cloud solution or its CSP and establish a plan for compliance
  • Review and approve cloud services procurement policies
  • Provide input on data classification policies and processes
  • Review CSP contracts and ensure protection of the organization’s interests and rights
  • Understand the legal jurisdiction aspects of the organization’s operations as they relate to using cloud services hosted in different countries

Chief Information Officer


  • Understand and monitor cloud computing’s potential to support current business strategies and new business opportunities
  • Establish overall strategy for leveraging and aligning cloud solutions
  • Facilitate the integration of cloud solutions into the organization and with the current IT infrastructure
  • Assist with incorporating cloud governance into the organization’s enterprise risk management (ERM) program
  • Implement a data classification scheme in conjunction with data owners
  • Establish cloud processes for resource provisioning, user access management, and change management
  • Establish the organization’s cloud incident management program
  • Monitor and enforce cloud service provider (CSP) service-level agreements
  • Monitor activities of the CSP and fellow cloud tenant customers

Chief Audit Executive or Internal Auditor


  • Perform periodic audits to evaluate the design and effectiveness of the blended control environment in which controls and processes are shared with the CSP
  • Audit the CSP or review SOC reports to verify the effectiveness of CSP controls relied upon by the organization
  • Perform periodic compliance audits of data residing on external clouds to verify compliance with data classification policies
  • Audit CSP spend and contractual compliance
  • Evaluate cloud governance

Source: Associated Press
