Details

  • Service: Advisory, Risk & Compliance
  • Type: Press release
  • Date: 2011/11/01

Information security - the cloud computing distraction 

Cloud computing is a recent trend in Information Technology that has gained momentum through advances in technology and telecoms capability.

Most technology analysts believe its use will increase exponentially over the coming years. Essentially, cloud computing allows for the use of software and services over the internet on an ‘as-needed’ or ‘pay-as-you-go’ basis. Organisations pursue this option to decrease costs and/or to increase capacity and flexibility.

There are, however, many questions regarding the security, privacy, availability and reliability of an organisation’s information in the cloud that remain unanswered. This is partly because cloud services are a relatively new offering and partly because third parties usually provide cloud services. Many recent surveys have highlighted that, while management can see many of the benefits of cloud computing, information security is one of the key inhibitors preventing organisations from implementing this solution.

 

It is crucial that management realise that most aspects of information security remain the same, regardless of whether or not they use a cloud solution. Before debating the advantages and disadvantages of cloud computing and its impact on information security, management must ask two very important questions:

 

  •  How are we currently managing our information security?
  •  How vulnerable is the organisation’s data now?

 

If an organisation cannot answer the first question, there is no foundation for the cloud debate. The organisation’s data is probably already at risk. An up-to-date information security policy linked to standards and procedures within the organisation should drive information security management. These should then drive controls implemented within the IT architecture, applications, databases and networks to secure the environment.

 

Likewise, if an organisation cannot answer the second question, it cannot know whether cloud computing would put its data at any additional risk.

KPMG believes that whether or not an organisation intends to move to the cloud, a thorough information security review is necessary. It should include vulnerability and penetration testing.

 

Once this is complete, management will have a benchmark for evaluating alternative technologies such as the cloud.

 

Contact
Patrick Ryan
Director
IT Advisory Services
Tel: +27 (0)21 408 7374
patrick.ryan@kpmg.co.za