Cloud demands risk mindset change
Intellectual property ownership, contractual divorce clauses and root password control are critical risk factors to consider as enterprises move into the cloud.
This is according to Max Blecher, IT governance and risk officer at Tiger Brands, who also heads the South African National Standards Body representation to ISO on IT governance.
"The cloud provides many benefits to organisations such as flexibility, scalability, and cost reductions," says Blecher. "It also minimises traditional IT risks, such as change control, information security and disaster recovery, as cloud service providers generally have mature service delivery models.
"However, moving to the cloud changes the enterprise's IT risk profile; moving it from the operational to the strategic, which requires a risk mindset change."
Tiger Brands' recent change of IT infrastructure provider led to different perspectives emerging between the company and the service provider on a number of key issues, including what constituted intellectual property, who owned it, how this impacted IT service transition responsibilities, and who had rights of control.
"The lessons learnt from this transition provide good insights into the potential IT risks that businesses could face in the cloud, as well as what organisations should be doing to prevent these risks from materialising," says Blecher.
Blecher will present a case study on Tiger Brand's recent service provider change at the upcoming ITWeb Governance, Risk and Compliance (GRC) Conference 2014, in Johannesburg, in March.
This is the third annual GRC event from ITWeb. It features updates from top influencers, more current South African case studies detailing how to correctly implement and manage GRC initiatives, the latest on legal and regulatory requirements, and a half-day workshop on POPI and privacy.
Registration for this annual ITWeb GRC conference and workshop is now open. Click here to find out more and take advantage of the early-bird offer.