Benefits and Risks of Cloud Computing

By admin • November 4th, 2009

A new white paper from ISACA, a non-profit association of 86,000 global information technology professionals, clearly describes how enterprises can achieve greater efficiencies and mitigate new risks associated with cloud computing. The white paper, Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives, is available as a free download from

The paper is brief (only six pages of text) and presents the concepts in an easy to understand manner. There is an informative table on service models, deployment models and essential characteristics. The authors liken cloud computing to utilities “Just as enterprises pay for the electricity, gas and water they use, they now have the option of paying for IT services on a consumption basis.” A great simile, although for Kiwis not all our utilities are operating in an open market!

The benefits and risks of cloud computing are outlined and the conclusion suggests that an organisation considering cloud computing needs to do a thorough benefit and risk analysis. The white paper also covers effective strategies for mitigating risks and addressing assurance issues related to cloud computing.

I highly recommend this article as a starting point for those new to the topic. It also synthesises the current thinking by those working in this area.

Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives; An ISACA Emerging Technology White Paper


I recently put forward some things to consider from a New Zealand perspective to a NZ Forum on the topic. These are by no means exhaustive and do not constitute a complete list of factors to be looked at or advice. A company or individual needs to consult legal, accounting, and IT specialists in order to make sure they have covered off all risks.

+ Where is the “cloud”(how many servers and in which countries)?

+ Have the legal and privacy implications been investigated? These may be different for each of the countries the data is hosted in, and New Zealand.

+ What are the taxation implications from a NZ perspective and for each of the multiple places that it may be hosted?

+ In the case of a government agency, have they addressed all of the aspects of the Public Records Act 2005 and any other applicable Act, or any guidelines.

+ Have government security guidelines such as NZSIT40x and others been complied with?

+ For others, have all Acts of Parliament been complied with ie the Privacy Act etc?

+ Have all other risks been assessed and mitigated?

+ Whose law applies in the case of a dispute with “the cloud”?

+ For applicable organisations, have the State Services Commission guidelines been complied with?



Leave a Comment

« | Home | »


November 27, 2018
by: admin • IITP

Seoul Accord 2018

July 7, 2018
by: Murray Willseducation, IITP

Excellence in IT Awards

July 7, 2018
by: Murray WillsIITP


July 7, 2018
by: Murray Willseducation, Uncategorized