Regulatory Compliance, Governance and Security

Apr 27 2009   11:18AM GMT

Virtualization and Cloud Computing | How and Why Auditing WILL change



The whole new wave of I.T. spreading through businesses today is that of virtualization, cloud computing, the “cloud”, or any other similar and broad based terms or themes. Many people have hailed this new concept for obvious reasons, such as the reduction of overall hardware gear and space taken along with the ability to “virtualize” and share many common systems and applications via a centralized platform, just to name a few.

The challenge in this new I.T. arena is for auditors to truly understand what this new concept is and how they can apply new and improved auditing methods for ensuring that many popular assessment and audit initiatives (SAS 70 and PCI, just to name a few) remain viable. For example, both SAS 70 audits and PCI assessments rely heavily on “sampling” for testing. Sampling in a virtual world, though doable, will require truly understanding a virtual/cloud platform and how to logically isolate one customer’s system or environment from another customer.

In short, the old world auditing of having a single service or function residing on a dedicated, stand alone physical server box is, well, going to the grave very quickly. It’s time to roll up our sleeves and embrace the “cloud” and start to frame and shape improved audit procedures.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: