Schaumburg, IL, USA— As organizations continue to shift business operations to hybrid, single cloud or multi-cloud environments, it’s important for auditors to assess risk across different deployment models and platforms. ISACA’s new Google Cloud Platform Audit Program assists auditors in understanding the uniqueness of the Google Cloud Platform (GCP) while effectively assessing an enterprise cloud environment for adherence to organizational risk and compliance objectives.
ISACA’s Google Cloud Platform Audit Program includes a spreadsheet file for guidance on testing GCP services and covers the following areas:
- Governance
- Network configuration and management
- Resource configuration and management
- Data security and integrity
- Security incident response
- Business continuity and resiliency
- Security logging and monitoring
- Identity and access management
The audit program notes that as enterprises tailor and scale services to meet the needs of their operations, one of the most significant areas of risk within a cloud environment is the prevalence of misconfigurations and misunderstandings about shared cloud responsibilities. Particularly, for the GCP, auditors need to understand:
- Concepts around identity and access management
- The Organization/Project/Folder structure
- The impacts of inheritance and hierarchy on access and permissions
- The enablement/disablement of logging options
Without a solid understanding of these, there is an increased likelihood that risk goes undetected until an incident occurs.
“With Google Cloud Platform now being the third-largest provider of cloud services, auditors need to make sure they have the necessary tools to assess the adequacy and effectiveness of the platform,” says Robin Lyons, IT Audit Professional Practices Principal at ISACA. “ISACA’s new audit program provides this support to audit professionals, allowing auditors to understand the types of services the GCP provides, the terminology it uses, and the enhancements and innovations offered.”
The audit program is free for ISACA members and US$49 for nonmembers and can be accessed at www.isaca.org/google-cloud-platform-audit-program. Additional audit programs and tools from ISACA can be found at www.isaca.org/resources/insights-and-expertise/audit-programs-and-tools.
About ISACA
ISACA® (www.isaca.org) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 170,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA supports IT education and career pathways for underresourced and underrepresented populations.
Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews