Who Should Perform Your Cloud Audit?

by Sarah Harvey / March 21st, 2019

The evolution of the cloud presents new security issues every day. As more and more organizations migrate user data to the cloud, it drives both cloud service customers and providers to consider how the cloud will impact the privacy and security of data. How does your organization secure your cloud environment? Just like any type of technology or IT operation, the security of your service needs to be validated by a third party. Who should perform your cloud audit? Someone who understands cloud computing and technology, not just an average auditor.

Cloud Computing Challenges

NIST defines cloud computing as, “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.” This definition has become an industry foundation and demonstrates why cloud computing challenges are two-fold: understanding the cloud, then understanding how you secure it. Who should perform your cloud audit? Someone who can face both of these challenges.

Understanding the cloud means you must understand each of the three elements of cloud computing: characteristics, service models, and deployment models. Each one adds a layer of complexity and shows why cloud computing so different than traditional IT operations.

Location of data, the value of your data, data ownership, compliance obligations, disaster recovery, physical security, vendor risk, evolving technology – these challenges make securing the cloud especially difficult. There’s a lot of moving parts when it comes to cloud computing and truly understanding the technology, the consumer, the responsibility, and the mission. Can your auditor handle it?

Who Should Perform Your Cloud Audit?

When choosing who should perform your cloud audit, you need to focus on finding a cloud expert. Because cloud technology is new and evolving, the industry lacks best practices that are known and understood. That’s why you want an auditing firm that does a thorough job and has auditors that understand the underlying technology. Consider the following questions when determining who should perform your cloud audit:

Do they understand the characteristics of cloud computing?
Do they understand the three service models?
Do they understand deployment models?
Can they explain the shared responsibility model to you?
Can they keep up with the evolution of the cloud?
Do they understand your compliance obligations?
Can they determine which information security framework fits your needs?
Do they specialize in information security and cybersecurity?

At KirkpatrickPrice, we hire technologists, then make them auditors – and this increases the value and quality of our cloud audits. Any auditor from KirkpatrickPrice who’s performing a cloud audit understands cloud computing and technology, and proves it through certifications like Certificate of Cloud Security Knowledge (CCSK) or Certified Cloud Security Professional (CCSP). Contact us today to begin working with a cloud expert.