Migration process is always complex and daunting activity. If migration is not carried out in a methodical approach it could lead to disastrous results.
Cloud computing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The characteristics of cloud computing open the gates to new opportunities as well as risks. The major concerns are loss of control, security, integrity, privacy and availability. The auditor needs to understand the cloud risk landscape for effective and efficient auditing.
Depending on whether the cloud provides Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), the risk and audit conditions could be different for each case. Also a great deal is dependent on whether the cloud services are provided by internal cloud or external cloud. Therefore the IT auditors should monitor the cloud developments constantly to grasp in timely manner the ever changing risks.
Because clouds are shared by many customers using electronic highway, it is crucial that IT auditors and control experts pay attention to not just protection and security within the perimeter but also on the highway.