IT security audits determine whether an information system and its maintainers meet both the legal expectations of customer data protection and the company’s standards of achieving financial success against various security threats. These goals are still relevant in the emerging cloud computing model of business, but they require customization.
Cloud computing, as defined by the National Institute of Standards and Technology (NIST), is “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” In essence, cloud computing could be described as the use of computing resources—both hardware and soft ware—provided over a network, requiring minimal interaction between users and providers.
