Measuring Risk and Risk Governance was just made available by the Cloud Security Alliance (CSA), the foremost global organization for establishing standards, certifications, and best practices to assist assure a safe cloud computing environment. The survey, developed by CSA in partnership with Google Cloud to evaluate the maturity of public cloud adoption and risk management processes within the company, provided a deeper knowledge of these practices.
Adopting technology that improves operational and customer experiences is a part of the digital transformation process. The cloud is increasingly being considered as a way to boost an enterprise's risk posture with a view to enhancing overall business risk management; this action is frequently supported by an improved strategy for application, data, and infrastructure security. Because both the cloud service provider and the customer have ownership in the provision of services, business risk assessment methodologies must be adjusted to the cloud model and take these consequences into account. A greater understanding of IT's impact on an enterprise's entire risk maturity, including the adoption of a shared fate partnership between CSP and customers, is provided by evaluating cloud and business risk together.
"With enterprises continuing to add production in the cloud and the growing use of cloud services, managing cloud and digital assets will be critical in risk management and measurement. While there is still work to be done as organizations mature their ability to manage cloud and multi-cloud security and risk mitigations, these issues are improved in the cloud when compared to current on-premise and legacy IT environments. This study confirms that an organization's best path to viable risk management involves IT modernization into the cloud or cloud-like on-premise infrastructure,"
Jim Reavis, co-founder and CEO, Cloud Security Alliance
The survey, which was conducted in two phases, was designed to advance industry understanding of business risk. More than 600 IT and security experts from a range of company sizes and locations responded to the second component of the study, an online survey, using the information acquired in the first round of interviews, which were conducted by CSA.
"Increasingly, cloud is becoming less of a risk to manage and more of a means to manage these risks. Continuously evaluating your risk status allows enterprises to properly configure and maximize the effectiveness of their security solutions, which in turn, protects their assets and improves business productivity. This study has shone a light on the opportunities enterprises can take to manage and measure their risk, and will hopefully lead to improved risk management practices. And, whereas these practices impact many areas in the enterprise, modernizing the approach helps both businesses and providers improve their cloud adoption," said Phil Venables, Chief Information Security Officer and Vice President of Google Cloud.