Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Cloud Computing Survey Balances Risk Against Reward

ISACA : 24 March, 2010  (Technical Article)
Survey from ISACA into EMEA attitudes towards cloud computing uncovers high levels of risk not acting as a deterrent to technology uptake
Research conducted across Europe, the Middle East and Africa (EMEA) by ISACA, a non-profit association of 86,000 global information technology professionals, has found that a quarter of enterprises that already use Cloud Computing believe that the risks outweigh the benefits (a fifth in the UK), yet still carry on regardless. This perhaps recognises the relative immaturity of Cloud Computing usage and the uncertainty of the balance between risk and reward. Of the more than 1,500 professionals sampled across more than 50 EMEA countries, 33% already use Cloud Computing (40% in the UK);

According to ISACA's survey, the IT Risk/Reward Barometer, EMEA, with regard to future use of cloud computing:

* 9.4% of respondents (8.9% in the UK) plan to use Cloud Computing for mission-critical IT services;
* 8.8 % (9.6% UK) will only use the cloud for low-risk, non-mission-critical IT services;
* 35.6% (31.8% UK) do not plan to use the cloud for any IT services;
* 17.9% (23.6%) have not formalised their plans;
* 28.2% (26.1%) were not aware of any plans for cloud computing.

The survey found that nearly two thirds (63%) of organisations claimed they are willing to take IT-related business risks in anticipation of a return for the business (64.3% UK) and 12.1% would take large risks to maximise business return.

When asked about integrating IT Risk Management with the organisation's overall approach to risk management:

* 4.8% admitted they do so without a formal approach to business Risk Management (3.2% UK);
* 22.2% said they did not effectively integrate IT Risk Management with their overall approach to Risk Management (22% UK);
* 24% said they are very effective at managing risk (20% UK);
* 48.7% reported being somewhat effective (54% UK);

ISACA acknowledges that to get ahead in business, there must be an element of risk, but warns it mustn't be at any price.

Paul Williams, ISACA Strategy Chair and IT governance adviser to Protiviti advised, "Every day we take calculated risks. Organisations need an integrated Risk Management approach to identify, assess and prioritise risks, so that they only take appropriate gambles with acceptable consequences or level of reward. Enterprises must never crash and burn because the risk was ignored or misjudged."

In additional findings from the study, 61% of UK organisations reported that they believe the biggest risk employees pose to their organisations is failing to protect confidential data - although this is slightly lower elsewhere in EMEA, at 58%. In addition, the UK and EMEA both rate an employee's use of non-approved software or online services second at 32% and 36%, respectively. Considered low risk by 46% of UK IT professionals (42% in EMEA) is an employee checking personal e-mail or visiting social networking sites from a work device. More than half the organisations questioned (56%) across EMEA believe that investments in IT services are not utilised to their full benefit.

Budget limits are an organisation's greatest hurdle when addressing IT-related business risk, say 34.2% (31.2% in the UK), followed by business lines that are not willing to fully engage in Risk Management - 28% in the UK and 24.2% in EMEA. Where the UK and EMEA disagree is on what is the most important action an organisation can take to improve IT Risk Management -UK organisations place emphasis on improved coordination between IT Risk Management and overall enterprise Risk Management at 32.5% (29.4% in EMEA), whereas 31.5% in EMEA recommend an increase in risk awareness among employees (28% in the UK).

At ISACA's EuroCACS Conference held 21-24 March 2010 at the Kempinski Hotel Corvinus, Budapest, Hungary Risk Management and Cloud Computing were just two of the many topics covered. Speakers included Rolf von Roessing, Vice President of ISACA, who identified key technical and organisational challenges associated with Cloud Computing and Urs Fischer, CISA, chair of ISACA's Risk IT Task Force, explained how ISACA's Risk IT framework can help organisations align IT Risk Management with business risk management.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo