Tackling GRC in the cloud.

There’s no denying the benefits that migrating to the cloud can have on a business, and with the introduction of artificial intelligence and machine learning, more organizations are tapping into the perks tied to cloud technology. According to a recent study of IT professionals conducted by LogicMonitor, a Santa Barbara-based SaaS provider, 83 percent of enterprise workloads will be in the cloud by 2020. However, where there are benefits, there are also challenges.

The massive sets of data that businesses juggle nowadays require a calculated approach when it comes to security and privacy. For the IT auditor of today, maneuvering through these complex environments is critical to their role. Given the explosion of cloud usage in the last few years, this has created an elaborate landscape for IT auditors to examine from a compliance standpoint, says Mark Thomas, president of Escoute Consulting.

When it comes to working with cloud service providers, Thomas shared that one of the primary questions IT auditors should be asking is about where the data will reside.

“If you think about this from an auditor’s perspective, when we have a relationship with a cloud provider, it starts way back when we started [creating] that contract,” Thomas told Internal Audit Insights during a recent interview shot at MISTI’s ITAC Conference in San Diego. “It’s a great practice to understand how you contracted with that organization.”

Data ownership and the timing tied to auditing a cloud provider are two other topics that IT auditors should be well-versed in, Thomas added.

In the full interview below, Thomas discusses the impact that cloud migration has had on the business, and shares the major dos and don'ts that IT auditors should know about GRC in the cloud.

 

For more insight on this topic, don't forget to mark your calendars for our Cloud Security eSummit on October 11.

 Drew Graham