On Monday, August 12, Dr. Sarbari Gupta presented “Who Is Responsible for the Security of Cloud-Based Information Systems?” at the 2019 Governance, Risk and Control (GRC) Conference, jointly presented by ISACA and The Institute of Internal Auditors, in Ft. Lauderdale, Florida.

Dr. Gupta’s presentation asserted that cloud computing offers distinct advantages over traditional hosted systems including hardware footprint reduction, elasticity, delegated security and improved availability. Regardless of the cloud computing model chosen (infrastructure/platform/software-as-a-service), however, the cloud system owner (CSO) still retains significant security responsibility for risk management and compliance. Dr. Gupta offered attendees a methodology for determining the CSO’s retained security responsibility and an approach for managing the risk of operating cloud-based information systems.

Dr. Gupta’s presentation deck can be viewed here.