This question set was originated by: Michael Versace and Regan Adams, Esq.
The Wikibon Project is considering the initiation of a special interest group (SIG) around the area of cloud computing, governance and assurance models, and related service offerings. This group has a particular focus on information and service assurance requirements for the end-user, and how solutions to these requirements can be established as best-in-class industry practices.
In particular, we are interested in researching:
- The intersection of regulation, enterprise policy, and industry best practice relative to information security, privacy and controls, and the ways in which organizations address these topics when making cloud computing decisions.
- What we've learned from past experience and historical trends (e.g., looking back at online banking, internet identity and data protection, outsourcing services) when setting the course for cloud computing governance.
- Whether the industry can take a self-regulated approach to a shared risk/reward model when it comes to the value and costs of cloud-based services.
- How governance and assurance requirements are similar or different for producers and consumers of each cloud service delivery model:
  - Platform services
  - Infrastructure services
  - Software services
- What is required both from the vendor side and from the customer side (policy, controls, monitoring, etc.) to be in place when deciding to engage in cloud services; what are the minimum requirements, and what is optional or desirable?
- Are general acceptance criteria achievable: what internal control points are there for both sides to “check off” to know the baseline of requirements is in place?
- Are there services provided to help customers assess the controls they need, and then the ability and cost to complete implementation?
- What is the full range of legal and regulatory issues for the vendor and customer to address during the decision-making process?
- What is needed from an internal and external audit function that can help mitigate the risks and foster adoption of cloud services?
If you are interested in joining this SIG, please contact Mike Versace at: michael DOT Versace AT wikibon DOT org.