CIOReview
DECEMBER 2022
IN MY OPINION

A CLOUD SERVICES SECURITY PLAYBOOK
By Arun DeSouza, CISO & CPO, Nexteer Automotive

The winds of change are blowing through the world of work today. Macro trends such as the Fourth Industrial Revolution and the era of Distributed Work require that companies enact and accelerate digital transformation. Technologies such as Artificial Intelligence, Blockchain, Autonomous Vehicles, Robotic Process Automation, Edge Computing, and Internet of Things are enabling innovation, competitive advantage and cost savings.

Against this backdrop, Cloud Computing has become central to digital business, enabling efficient and effective business process re-engineering that drives companies forward and fuels competitive advantage. Cloud security and privacy are now mission-critical. Thus, envisioning and enacting a governance lifecycle for cloud applications and services is necessary for enterprise risk management. This article recommends best practices for cloud security and governance.

Initiate the process by developing and communicating a company policy for cloud computing. This policy can be used as a foundation to have conversations and educate business partners. It is important to reinforce that before they buy cloud services, due diligence and due care are required. The internal Purchasing organization is a key ally in implementing full lifecycle service assurance for cloud contracts. They can ensure that all necessary checks have been completed prior to contract execution.

It is important to ensure that cloud providers have appropriate administrative, technical and physical safeguards in place by verifying their compliance with corporate security policy. Purchasing should provide a standard screening checklist to potential providers before contracts are signed. The Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ) is a great framework for evaluating and comparing cloud providers.