corporate governance and cloud computing

1

Corporate Governance And Cloud Computing8th March 2012

Rory CassellsPrinciple Risk Consultant

2

Overview

• What is Corporate Governance?• Stakeholders.• Advantages of Good Corporate

Governance.• Corporate Governance in the Cloud• Risks in the Cloud• Recommendations

3

What is Corporate Governance?

Corporate governance is concerned with holding the balance between economic and social goals and between individual and communal goals. The governance framework is there to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations and society." (Sir Adrian Cadbury, UK, Commission Report: Corporate Governance )

4

Stakeholders

• Shareholders.• Employees.• Suppliers.• Lenders.• Local Community.• Pressure Groups.• Government.• Consumers.

5

Advantages of Good Corporate Governance

Advantages

Improved processes

Takes emotion out of decision making

Fights Corruption

Improves standards

Improves talent utilisation

Helps attract and retain shareholders

Builds trust in the organisation will all stakeholders

6

Corporate Governance in the Cloud

• 5 Essential Focus Areas:―Strategic Alignment―Value Delivery―Resource Management―Risk Management―Performance Management

7

Risks in the Cloud

• General Cloud Computing Risks―Theft of IT Equipment―Natural Disasters―Unauthorized Access to Premises

• Legal Risks―Subpoena and e-discovery―Changes in jurisdiction―Data Protection

8

Risks in the Cloud (Cont)

• Technical Risks―Insecure/Ineffective Data Deletion―Malicious Insider―Data Leakage

• Policy and Organisational Risks―Provider Lock in―Loss of Governance―Cloud Service Failure /Termination

9

Recommendations• Communicate all aspects of Governance to customers.•Provide Clear Roles and Responsibilities to all staff members•Proper Identity and Access Controls•Know the Law in the Jurisdiction your data resides•Prepare and Test DR/BCM•Ensure customers have read and understood the SLA•Identify and Monitor all risks that may affect customer data and the organisation as a whole•Create and Manage Operational and Security logs