CSA's Perspective on Cloud Risk Management

This whitepaper initiates a debate within the cloud and risk management communities on the suitability of existing methodologies and practices to effectively and efficiently assess, treat and mitigate, and monitor cybersecurity risks in the cloud.

There are five questions that represent key elements that stimulate the debate and support possible solutions:

• Are existing risk management methologies adquate to manage risks in the cloud?
• Is the shared responsiblity model appropriately reflected in the risk management processes and programs?
• Are companies aware of the implications of governance forced by the idea of indirect control?
• Is the cloud supply chain complexity factor sufficiently weighed into the risk management practices?
• Are current practices adquate to effectively communicate risks to the members of the board?