Managing Risk in the Cloud – The Role of Management

August 2015


As business use of cloud services continues to grow, an ever increasing amount of sensitive data passes in and out of the cloud, exposing that data—and the business itself—to significant cloud risks. Through cloud discovery your organization can identify the usage of shadow IT, minimize your cloud risk profile, and eliminate potential cloud security threats.


From risk exposures, ineffective operations controls, and unmet governance objectives, organizations may lack visibility into cloud services and usage across the enterprise. Being unable to determine a comprehensive cloud services risk profile can lead to unknown vulnerabilities and threats. Do you know how your company discovers and risk assesses all the cloud services being consumed within the organization?

This paper provides a point of view for risk and security officers, audit executives, and those responsible for deploying cloud services. The following topics are highlighted within the paper:

  • Cloud risks. Cloud security threats of unsanctioned clouds (“shadow IT”).
  • Cloud discovery. The first phase of a three-step cloud lifecycle for discovering and assessing cloud services usage across an organization.
  • Cloud lifecycle. PwC’s six-phase approach to building an enterprise-wide cloud security and risk management program.
  • Management’s role. Guidance on how business leaders can do their part in building a secure and trustworthy cloud environment in their organization.

Contact us

Michael Corey
Internal Technology Audit Services Leader – Non-Financial Services
Tel: +1 (415) 498 7402

Satchit Dokras
US Cloud Assurance Director
Tel: +1 (408) 817 5720

Follow us