GRC Practitioners and the Cloud

GRC Practitioners and the Cloud

Last week, a Cloud-based pilot Compliance Evaluation project was put on hold by a potential client because their IT Department is due to install new servers, and they don’t want to engage with new systems until the process is complete.

Once again, advances in technology seem to have completely bypassed both the potential client and its IT Department.

Firstly, I believe it is highly unlikely that any company’s traditional IT Department is going to spend much time and effort developing specialist, ‘non-core’ applications, such as those required by their Governance, Risk and Compliance practitioners.

Secondly, unless such applications are readily accessible across the enterprise, they become the domain of the GRC practitioners, and are not embraced by the company as a whole.

This makes Cloud Computing the ideal vehicle for the development of GRC evaluation and implementation services. The Cloud offers highly secure, globally accessible services, which do not impact a company’s IT infrastructure.

GRC practitioners should be insisting that they are allowed to implement appropriate Cloud-based GRC services to the benefit of their respective companies. The benefits of rapid implementation, global accessibility and specialist services should far outweigh the day-to-day operational concerns of their IT Departments.

In order to do this, GRC Practitioners must start familiarising themselves with the availability of appropriate services in the Cloud, and be prepared to make a stand for their usage, otherwise they may well be left in the dark ages through the tardiness of their IT Departments to adopt new paradigms.