How is cloud audit different from IT audit as we know it?
For starters, cloud brings new technology. And new technologies bring new risk.
Then, the business model of cloud implies that security is now a shared responsibility.
But in my mind, the most profound differences lie in the scale of things.
If you have seen my signature cloud video, you would remember that cloud is a way to handle the fact that our IT is now at 10X or 100X the size it used to.
We are not going to handle that by employing 10X the number of auditors. We simply don’t have that many auditors.
This scale of things is one of the reasons that the cloud requires a profound change in the way we do IT governance. It is not IT audit as usual, though most of that still happens, somewhere.
The body of knowledge of the CCAK (Certificate of Cloud Security Knowledge) elaborates on the observation that we need to tool and automate our audits as well.
Cloud audit is more about cloud governance than ever.
I could talk about this all day (and in fact in my CCAK workshop I probably will :-)), but I’d also like to offer you some additional perspectives.
My friend and fellow cloud security trainer Moshe Ferber has written a few blogs on the website of the Cloud Security Alliance.
This blog in particular covers governance.
For more information on my CCAK workshops, such as dates and content, or to register directly, continue to this page.