Ernst & Young joins Cloud Security Alliance

Ernst & Young has joined the Cloud Security Alliance (CSA), a non-profit organization that promotes the use of best practices for providing security assurance within cloud computing.

Through E&Y’s Information Technology Risk and Assurance (ITRA) practice, the firm works with clients in various industries to help them manage IT risk and improve information frameworks. Given that cloud computing is such a hot topic with many companies, E&Y wants to be part of the effort to bolster security as well as learn more about cloud issues.

More on cloud computing and security

• Cloud security predictions for 2011
• Cloud Security Alliance updates controls matrix
• Survey finds companies still struggling with cloud security

“We want to be able to help our clients in understanding the cloud, both the risks and benefits, and provide them with information that will help them better determine how cloud computing will impact their business,” says Bernard Wedge, who leads the Americas ITRA practice at the firm.

“We are seeing great interest regarding the cloud from the C-suite,” Wedge says. “The security, audit and risk community are concerned about the impact cloud computing may have on existing controls and processes, as well as the vendor risk management implications. However, while the finance and business community recognize the benefits, they would like to see the business case behind operating in a cloud.”

Wedge says E&Y wants “a seat at the table when it comes to addressing the standards and guidelines for security in the cloud. Cloud computing is now on the corporate agenda — including at the C-suite level — and we have been getting requests to review cloud service providers and help our clients navigate these changes. So we see this as an area where we should be a part of all high-level discussions.”

It’s also important that movement to the cloud is done in a controlled fashion, Wedge says, “and we hope to facilitate this through awareness and education.”

According to Ernst & Young’s Global Information Security Survey, released in late 2010, 45 percent of companies are expected to use cloud computing in the next 12 months. The top risks most concerning businesses about the cloud are data leakage and loss of visibility of corporate data, according to the report.

“Cloud computing makes an IT investment more efficient, flexible and faster, and allows access to data anytime, anywhere, any place and with any electronic device,” adds Jose Granado, Ernst & Young’s Americas Information Security Services leader. “The more connected we become, the more exposed we are. Instant access to information presents critical security risks and the CSA is helping address those risks through education, research, and developing guidelines for operating in the cloud.”