Question

You are the technology auditor for a medium size online retailer. With the growth, it has been very difficult for the Information Technology (IT) group to keep up with the hardware requirements and new software for all the various smartphone applications. Much of the in-house technology is outdated from a web application and regulatory standpoint. Many organizations have lowered costs by going to cloud computing solutions, including your competitors allowing them to lower costs and gain market share. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale as the business grows.

The CIO has done a complete analysis of moving to a cloud computing solution with Microsoft’s Azure Cloud Platform. The reduction in ongoing costs would be almost fifty percent along with major capital expenditures for upgrades if they were to keep processing in-house. There would be reduction of 70% in the IT staff. With this change, all IT functions for the primary application of customer order processing and fulfillment would be handled through the new platform. The physical inventory will continue to be managed by the retailer (i.e., warehousing and distribution). Some existing applications such as human resources and accounting will remain in-house. You have been asked by senior management to assist with this project and the evaluation of the controls.

a. Describe the five most significant control concerns that you would like to express to the senior management in the transition to Microsoft? Give it some thought. Make sure your five items are consistent with the facts of the case and that each is unique.

b. How would you propose the organization get comfortable with the controls at Microsoft prior to signing the contract?

Answer 1

The five most significant control concerns in transitioning to Microsoft's Azure Cloud Platform are data security and privacy, service reliability and availability, data backup and disaster recovery, vendor lock-in, and compliance and governance. To get comfortable with the controls at Microsoft, the organization should conduct a thorough security assessment, request references and case studies, and engage an auditing firm for an independent assessment.

Step-by-step explanation:

The five most significant control concerns in transitioning to Microsoft's Azure Cloud Platform are:

1. Data Security and Privacy: Ensure that appropriate security measures are in place to protect sensitive customer data and comply with data privacy regulations.
2. Service Reliability and Availability: Assess the reliability and availability of Microsoft's Azure Cloud Platform to ensure uninterrupted access to critical systems and applications.
3. Data Backup and Disaster Recovery: Develop a comprehensive backup and recovery strategy to protect against data loss and ensure business continuity in case of system failures or disasters.
4. Vendor Lock-in: Evaluate whether the organization will be tied to Microsoft's Azure Cloud Platform and the implications of switching to another cloud provider in the future.
5. Compliance and Governance: Ensure that Microsoft's Azure Cloud Platform complies with relevant industry regulations and internal governance policies to mitigate legal and financial risks.

To get comfortable with the controls at Microsoft prior to signing the contract, the organization should:

• Conduct a thorough security assessment by reviewing Microsoft's security certifications, conducting vulnerability assessments, and performing penetration testing.
• Request references and case studies from existing customers who have migrated to Microsoft's Azure Cloud Platform to gain insights into their experiences with controls and compliance.
• Engage a third-party auditing firm to perform an independent assessment of Microsoft's controls and compliance.