Incorporate ERM frameworks for cloud computing information security

Grazed from TechTarget. Author: Eric Holmquist.

Companies looking to expand their infrastructure capabilities are increasingly turning to cloud service providers (CSPs), which have proven to be a very cost-effective, highly efficient resource for businesses of all sizes. Cloud-based solutions are used for remote hosting, colocation data centers or full infrastructure outsourcing. As these companies move operations to the cloud, confidence is growing that the technology can be an effective way to not only host data and applications, but also reduce key infrastructure costs.

But as CSPs continue to evolve so, too, does the related cloud computing security infrastructure required to ensure that client data remains safely segregated and accessible only to authorized users. The key to managing cloud computing information security is to understand that it cannot be managed using an 80/20 rule — that is, mitigating the obvious risks and then dealing with the rest as they occur…

Unlike other forms of operational risks, this is an area that has to be managed to a "zero event" — a data loss just cannot happen. Simply put, businesses can outsource the technology but can’t outsource the risk. Therefore, cloud service providers must be managed proactively, aggressively and with a carefully structured approach based on enterprise risk management frameworks.

Applying risk frameworks to the cloud
While there are a number of standards and frameworks available, very few specifically address any outsourced IT services, let alone CSPs. Nevertheless, many of these standards and frameworks can be helpful to risk management in the cloud. The frameworks described in the following list address some key cloud risk management processes…

Read more from the source @ http://searchcompliance.techtarget.com/tip/Incorporate-ERM-frameworks-for-cloud-computing-information-security