Internal Audit's Role in Cloud Computing

Internal Audit's Role in Cloud Computing

Cloud computing has transformed the way businesses approach the consumption and delivery of IT services. It is a form of standardized IT-based capability — such as Infrastructure as a Service (laaS), Platform as a Service (PaaS) or Software as a Service (SaaS) — offered by a service provider (e.g., "public" cloud) and intended to provide end-user access via the Internet from any computer. It is — in theory, at least — always available, can dynamically scale to adjust to demand, has web- or programmatic-based control interfaces, and enables full customer self-service. As this white paper discusses, there are numerous risk factors that must be managed to ensure the availability of a public, private, hybrid or community cloud solution. 

With cloud computing, applications and data are available to an organization’s user base, wherever and whenever users choose to connect. This means the business does not have to maintain the hardware and software required to deliver those services — or provide all the support to keep those infrastructure components updated, secure and available. Other potential benefits to organizations that embrace the cloud computing model are: 

  • Decoupling and separating the business service from the infrastructure needed to run it (i.e., virtualization) 
  • Flexibility to choose multiple vendors that provide reliable and scalable business services, development environments and infrastructure that can be leveraged "out of the box" and billed on a metered basis — with the potential for no long-term contracts 
  • Elastic nature of the infrastructure to rapidly allocate and de-allocate massively scalable resources to business services on a demand basis 
  • Cost-allocation flexibility for businesses using the cloud that want to move capital expenditures into operating expenses 
  • Reduced costs due to operational efficiencies 
  • More rapid deployment of new business services 
  • Operational risk reduction, if availability of services and operations are adequately protected within a contract

 

Ready to work with us?