In a recent MetricStream survey, 35% of large-sized enterprises cited the cloud as having the most potential to disrupt IT risk management programs. Read this report to discover MetricStream’s major cloud trends and predictions for 2018
Gunjan: The cloud will continue to change the economics of software across the board, including GRC. MetricStream has spent the last few years developing the next generation of GRC cloud infrastructure based on the latest technologies such as VMware and Docker, Amazon’s AWS, and the Google Cloud. The MetricStream GRC Cloud will use a multi-instance approach, moving away from the traditional multi-tenant architecture in which data is co-mingled. This means that customers will eventually be able to fire up various GRC app instances in near real time – whether it’s for internal audit, or enterprise risk management, or third-party management. Already, 80% of our customers are deploying their GRC apps on the cloud, and this trend will grow as more companies focus on lowering costs, and accelerating deployments.
Vidya: As organizations reach digital nirvana, and move their businesses onto the cloud, they will adopt hybrid cloud platforms as a way of “de-risking” their processes and applications against disruptions, and enabling rapid scaling. Some applications will be deployed on the private cloud, and others on the public cloud based on factors such as the business criticality, scalability, and responsiveness of the applications involved, as well as the level of sophistication and regulatory compliance demonstrated by the cloud service provider. A clear and specific cloud adoption strategy will be the cornerstone of the digital expansion objective.
Vidya: With more organizations adopting the cloud and the internet of things (IoT), organizational computing and its security paradigm will undergo another wave of metamorphosis. Propelling this change will be newer cloud architecture schemes such as micro data centers that will make it easier for companies to meet localized business and regulatory requirements. However, new risk and compliance related issues will emerge out of this change, driven by cybersecurity and data privacy concerns, business service level agreements, and regulatory pressures.
Vibhav: New regulations such as the EU’s General Data Protection Regulation (GDPR) will amplify the number of data privacy requirements in the cloud. Organizations will be expected to go around their facilities and servers with a magnifying glass to identify the full scale of customer data storage and exposure. 2018-19 will see a major increase in software and other enabling systems to manage data discovery, data flow, and data access in a compliant manner. Organizations will also need to put customers at the center of their processes around data management, access control, and cybersecurity practices - something that has been lacking till date.
Vibhav: As hybrid clouds and micro data centers enable organizations to shift between cloud service providers, IT teams will adopt a more real-time and continuous approach to due diligence. They will increase their monitoring of cloud service providers to strengthen compliance with expanding cybersecurity regulations and internal policies. In addition, IT teams will look for standardized compliance frameworks such as the Federal Risk and Authorization Management Program (FedRAMP) to be part of their evaluation and management of cloud service providers.