New cloud computing guidance from ISACA helps to increase value and manage risk

According to the association, which has almost 100,000 members worldwide, the cloud has become a major growth area in IT spending, meaning that enterprises must adapt to the changes it brings to maximise their return on investment.

The new guide - entitled 'IT Control Objectives for Cloud Computing: Controls and Assurance in the Cloud' - is available in electronic form for $50.00 and in print form for $60.00. ISACA members can download the guide free of charge, or purchase a print version at the discounted price of $35.00.

Infosecurity notes that the guide - chapters 1 and 2 of which can be downloaded by anyone free of charge - says that, when large companies start to use cloud computing resources for their IT services, business processes are impacted and, as a result, there is a need for corporate governance.

Using a governance process, says the guide, allows enterprises to more effectively manage their increasing risk, as well as ensure the continuity of critical business processes that now extend beyond the company data centre.

The guide adds that the governance process allows organisations to communicate clear enterprise objectives internally and to third parties, as well as adapt their IT systems and processes more effectively.

Marc Vael, a director of the knowledge board with ISACA, said that cloud computing is not hype, but a normal evolution in changing the relationship between the IT and business departments on using digital information.

"Cloud computing delivers many advantages to any type of organisation in the world", he said, adding that, on the other hand, when implementing cloud computing solutions, specific attention points still must be asked and dealt with.

"In my personal opinion these are very similar to the already known control objectives for IT outsourcing of processes and systems", he explained.

Delving into the book reveals that one of the key strategies for dealing with the cloud integration and development process is to ask the following key questions for proper governance of cloud computing:

What is the enterprise's expected availability?

How are identity and access managed in the cloud?

Where will the enterprise's data be located?

What are the cloud service provider's disaster recovery capabilities?

How is the security of the enterprise's data managed?

How is the whole system protected from internet threats?

How are activities monitored and audited?

What type of certification or assurances can the enterprise expect from the provider?

The guide also outlines business case development; how standards and good practices assist with cloud governance; how to establish business goals for the cloud; risk considerations and responsibilities; and a cloud computing management audit/assurance program.
