ISACA Muscat Chapter conducted a CPE Seminar on "Cloud computing & Security Compliance" at the College of Banking & Financial Studies on October 25, 2010. The presentation was made by Mr. Vishak Jayakumar, Information Security Consultant, Ernst & Young, Muscat

Mr. Muralidhar Venkatesan, President, ISACA Muscat Chapter, welcomed the gathering. He stated that the Chapter was recognized for its educational programs and the relevance of the topics to its stakeholders. The seminar should help us to obtain better clarity on what exactly is cloud computing, what are its advantages and disadvantages, and the security and audit implications arising out of its use."

The speaker Mr. Vishak stated that “Cloud computing has been a hot discussion topic among IT professionals ever since its introduction. There are many debates happening over this topic as well”.

Cloud computing essentially involves the outsourcing of the computing capacity to third party services over the internet. It helps in reducing power, storage, personnel, hardware and other related costs. In other words, out sourcing computing capacity can also promote greater flexibility and free up valuable IT resources for more strategic projects

Investing in Cloud Computing is a strategic decision. One needs to find out which delivery model is best suitable for the company. It also has to be seen which data can be moved to the cloud. There are many issues that should be addressed. Foremost would be to weigh the savings by such a decision? What would be the additional benefits that the company could get? Finally which vendor to choose?

The biggest challenge with Cloud Computing is the concern over security. Handing over business critical data to an external provider is not an easy task to many on the top. What happens if the data is compromised? How do we know whether it is already compromised? If yes, how do we notify constituents and the effect it will have on the company!

The top three reasons to use Cloud Computing is the scalability on demand or the flexibility it brings to the business, the reduced hardware infrastructure cost and the reduced IT staffing and administrative costs. The other benefits albeit smaller ones are the minimal start-up costs, improved Disaster recovery and damage mitigation, better realignment of the IT support services, flexible infrastructure and capacity and finally it is a Greener solution.

The speaker then explained the recommendations to improve security & compliance within the cloud. Foremost of the recommendations was transforming the role of the internal audit. Internal audit has to move from the traditional role of a compliance officer to a strategic business advisor. It should serve a subject matter resource to business management by supporting their strategic initiatives and key organisational objectives. Internal audit’s core competency would be to reinforce and monitor the control environment and compliance. Involvement at the design stage would ensure effectiveness of the internal controls. Compliance with key regulations and policies are then built in the design stage.

The session was framed in such a way, that the audience got a clear concept of Cloud computing and its associated security issues. Vishak also informed the audience about the level of competition among the cloud vendors. Few key vendors were identified and the service delivery model that they specialized was explained. The core focus of the session was to give an clear understanding on the security and compliance issues associated with the Cloud computing

ISACA, Muscat Chapter is one of the most vibrant professional bodies in Oman holding regular CPE seminars for its members. Details of the Chapter's activities can be obtained by visiting the Chapter's website at www.isacamuscat.org or by sending an email to This e-mail address is being protected from spambots. You need JavaScript enabled to view it .