Governance, Security and Compliance

Cloud is finally starting to move beyond the hype and into the very fabric of today’s enterprise. Most organizations are adopting cloud computing in a piecemeal fashion with a growing trend towards moving core business functions into the cloud. However some organizations are holding out on adoption either because privacy, security or compliance seems like insurmountable barriers or they expect market maturity in terms of data management and management of multiple cloud providers.

What cloud providers and consumers must recognize is that in order to reap the full benefits of cloud solutions, their adoption strategy must be aligned with a comprehensive risk management approach which looks beyond developing security policies, satisfying internal audits or contractual obligations.

At KPMG, we believe this approach would include considerations such as,
- Understanding the impact of cloud on compliance across operational jurisdictions
- Establishing a governance model which identifies shared responsibilities, defines accountability metrics and provides customers insight into their service relationship
- Periodically assessing and managing security and privacy practices
- Collecting key success metrics and communicating this information to facilitate corporate governance and drive ultimate customer satisfaction.

Organizations facilitating business transformation with the above fundamentals force and thereby change how security and privacy risks are perceived and addressed, which should greatly increase successful adoption of cloud solutions in support of business objectives.