With increased adoption of cloud services, enterprises have shown an
interest in leveraging the flexibility and agility offered by cloud
platforms. Along with those advantages, however, comes the need to consider
potential risks such as those associated with the various deployment models,
identity management, and compliance with data-driven regulations to which
the enterprise is subject. Cloud access security brokers (CASBs) are a
solution being employed by enterprises to manage these risks.

To assist IT auditors as they assess the effectiveness of CASB solutions,
ISACA has created a Cloud Security Access Broker (CASB) Audit Program.
This audit program takes into consideration assurance around:
- Data security, particularly as related to expectations of regulated
- Identity management of users, inclusive of privileged users and
  enhanced access groups
- Mitigation of risks associated with different deployment models
- Asset management and protection through security initiatives such
  as physical security and through program management (key management
  and incident response as examples)

CASB solutions may vary as enterprises design solutions that best
fit their needs. The audit program, however, provides a solid basis
for all enterprises to assess whether operational and compliance
expectations can be met given their CASB deployment.

As an IT audit and assurance professional, you are expected to
customize this document for your unique assurance process
environment. Use it as a review tool or starting point to modify
for your purposes, rather than as a checklist or questionnaire.
Keep in mind that to use this document for maximum effectiveness,
you should hold the Certified Information Systems Auditor (CISA)
designation or have the necessary subject matter expertise to
conduct your assurance process while under the supervision of a
professional who holds the CISA designation.