APAC CIOOutlook

    Enhance Governance Over Cloud Adoption

    Mike Kelley, Global IT Sr Manager Information Security, Risk & Compliance, Dana Holding Corporation


    Cloud services are a growing business interest with their appealing low-barrier-to-entry model that requires minimal capital expenditure for implementation. It is an elastic platform that can scale according to changing business needs and enables rapid implementation of technology solutions. With respect to IT, the cloud presents an opportunity to transfer traditional operational services to Cloud Service Providers (CSPs), allowing IT to focus on delivering services and solutions that provide a strategic advantage in the marketplace. Ultimately, the cloud is fundamentally changing the way IT supports the business, transforming IT from a provider of services to a broker of services. It has also expanded the boundaries around information and systems, complicating the model for ensuring proper security measures are enforced.

    In the past, IT has been the agent for changing how technology solutions support and enable the business. However, the CSPs have done an effective job marketing their products, such that the business is now comfortable engaging them directly for solutions to address their needs, which has led to an influx of cloud solution requests.

    To deal with the ever-increasing requests for cloud solutions, we have developed a Cloud Computing Playbook, which is essentially a guide that explains what the cloud is and which processes and/or data should or should not be in the cloud. The purpose of the playbook is to educate the business and also lay the foundation for evaluating whether or not cloud is the right model for implementing a particular solution.

    There are inherent risks associated with moving to the cloud. The most prevalent is the lack of control and visibility into your environment. However, the principles of enforcing security have not changed even with the adoption of cloud services. We view CSPs simply as an extension of our business. Our current strategy of cloud adoption is tactical in nature, addressing specific business problems that have lower risk with respect to information security and compliance. In the meantime, we are strengthening our methodology for governing the adoption and consumption of cloud services.

    Our current methodology for ensuring the secure adoption of cloud solutions begins with data classification. Requiring the business to classify data assigns accountability and also provides valuable input for downstream processes including evaluation against the Cloud Computing Playbook, contractual negotiations and CSP evaluation. Once a CSP has been selected, we submit a questionnaire that inquires about the CSP’s risk management program, security policies, organizational structure and internal controls, followed up by discussions with the individual responsible for information security. We also request certification reports that represent an independent assessment of the CSP’s internal controls as further support that the control environment is operating effectively. Depending on timing, contractual negotiations may be performed in parallel. We ensure every contract has a right to audit clause or the right to obtain a certification report on the effectiveness of their internal controls.

    We are constantly updating our process to enhance governance over cloud adoption. Our cloud governance program will include a vendor risk management program designed to execute our contractual right to audit for monitoring ongoing risks associated with CSPs. We are also in the process of developing a robust Cloud Evaluation Criteria tool which includes business and technical criteria and is intended to ensure consistency in cloud adoption.
