Information Governance for the Implementation of Cloud Computing

Information Governance has become gradually an important area due to the explosion of data in numerous formats at diverse levels of any organization. An Information Governance platform may have the capability to improve the data quality and may also support in leveraging strategic decision making. There is a growing trend to move the data from on-premise software to the new on-demand cloud-based solutions to support the growing needs of the business computing services which has the potential to lower the costs and mitigating the risks. Cloud computing is considered as a utility that is massively scalable and can be readily modified, the way we may control the temperature in the furnace using the thermostat which has the potential to save energy. There are many organizations that are investigating the Cloud to see if the application can meet their information Governance needs such as eDiscovery, compliance, law, security, risk management, records management, and business operations. Information Governance is a super-discipline that embraces components of several key fields as mentioned above (Robert F. Smallwood, 2014).


INTRODUCTION
This paper has offered a study on applying information technology (IT) governance policies and processes for the application of a tenable cloud computing platform. IT governance is explained as a set of procedures intended to inspire actions that are reliable with the mission, strategy, and principles of the organization, the methods address several matters related to IT such as decision processes, rules, the assignment of responsibilities, and contribution rights for the stakeholder.
Cloud deployments give users some sovereignty and freedom from their IT department, and IT departments are inspired to have immediate resources at their removal and eliminating few of the errands for infrastructure to focus on business applications. IT governance must be effective. To offer such effectiveness in the IT governance process, there must have a dependence on a couple of key mechanisms such as -• IT steering committee • Engagement of senior management in IT • Corporate performance measurement systems One of the principal goals of IT governance is to take decisions for investment and utilization of IT functions by focusing the question about how an organization should gain investments to its IT for the highest benefit to the entire organization.
Moreover, as the use of cloud computing for bringing IT functions becomes universal, organizations using cloud computing must efficiently smear IT governance to it. While cloud computing gifts wonderful opportunities, it emanates with several risk factors as well.

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 4
Information security is one of the highest risks in cloud computing. Thus, IT governance must be pragmatic to cloud computing information security to facilitate managing the risks associated with cloud computing information security. Cloud computing in the newest model to deliver the IT services and it demands a framework for securing the organization's information while stored in the cloud. Managers and IT leaders who are the subscribers of the Cloud-based services are held responsible for providing seamless IT performance.
Several critical IG challenges connected with cloud computing must be focused on. These take account of privacy and security matters, records management (RM) problems, and compliance questions, such as the competence to reply to legal discovery orders. Furthermore, there are metadata management and supervision questions. An inquiry and examination are required to perform to know how the Cloud Services providers will provide RM capability which is again a crucial matter to know how to lend support to IG functions such as archiving and e-discovery, and meeting IG policy requirements. Organizations need to identify the security risks, loopholes with regards to cloud computing and they should have a defined IG policy and controls in place to influence the Cloud technology to support electronic data and information being looking further on the Cloud Strategy.
With the growing maturity and expansion of cloud computing, public cloud computing services are an expected choice for enterprises to attain better cost savings and resource use, however, there are qualms about the security in the cloud computing services space.
Besides, enterprise data security and privacy questions have become one of the major factors that have delayed the popularity of cloud computing [4]. Thus, cloud computing will advantage from a defined framework of IT governance and the related best practices.

Features Definition/details
On-demand self-service Can provision the computing resources (CPU, memory, disk) automatically as needed based on the resource usage stats and that too without involving any human intervention.

Broad network access
Capabilities are accessible over the network, can be accessed via mobile phones, laptops or through other handheld devices (both thick and thin client platforms)

Resource Pooling
Multi-tenancy model is formed. Location independence with no control or knowledge about the exact location of the resources.

Rapid Elasticity
Quick scale-out and scale-in features provided. Resources may be provisioned as an unlimited capacity and maybe purchased at any time by any quantity.

Measured Service
Resource usage may be observed, measured and reported. Creates transparency for both provider and consumers.  Few examples of business applications that commonly are migrated to the cloud environment include advertising, collaboration, e-mail, office productivity applications (Office Suite based products), sales support solutions (CRM based applications), customer response systems, file storage and shared locations, files (dropbox.com, SkyDrive, OneDrive) and system backups images. So knowingly, unknowingly we are keeping our corporate personal or important details to cloud-based systems. The mobile phone backups are mostly kept in Cloud-based storage (an example). This is totally ungoverned information stored in the cloud.

Cloud Deployment models
There are four basic cloud computing models which are popularly used depending on the customer's use casesprivate, public, community, and hybrid combination of multiple clouds). Public Cloud Managed by a general public or by a large industry group which is owned by the organization selling the cloud-based services.
Community Cloud In this model, the cloud-based infrastructure is shared among several organizations which support or functions a specific industry/community with shared concern, mission, policy, etc.
Hybrid Cloud This cloud model is a combination of two or more cloud models (for example, load balancing across the clouds).
According to the survey conducted by RightScale [13], both public and private cloud adoption have improved as compared to the last year. The survey illustrates that the number of respondents now implementing public cloud is 92 percent. Consequently, the overall portion of respondents consuming at least one public or private cloud is today 96 percent. List of key benefits an enterprise can expect while adopting Cloud Infrastructure.

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF
• Cost Reduction. The company does not have to spend a lot of money in procuring and maintaining the hardware, infrastructure. It can also help to reduce potential downtime.
• Scalability. This is the greatest advantage of the Cloud. Cloud Solutions offers a great deal of business to such organizations which are growing or have fluctuating bandwidth requirements [12]. If the business demand increases, increasing the resources at scale, and during off reason, maintaining the resource utilization tightly by reducing the

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD
resources. This approach significantly reduces the operational issues, maintenance, and Zero up-front investment.
• Data Privacy/Security. Cloud offers a variety of security features that may guarantee that Cloud offers a variety of security feature data is securely stored and handled. Cloud storage vendors implement baseline protections to the platforms and the data they manage, such as authentication, access control, connection and encryption [12]. • Disaster Recovery. Cloud-based services deliver rapid data recovery during any kinds of emergency situations -from natural disasters to power outages.
• Control. Cloud enables users having complete prominence and control over the data. We can easily choose which users need what level of access to what data and how long.
• Improved Collaboration. It allows discrete groups of people to meet virtually and effortlessly part information in real time and via shared storage.
• Less environmental impact. Companies who use shared resources improve their 'green' identifications [15].

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 14
Must have Cloud Computing Security Features According to statistics cited by the Economist [14], "the average time involving an attacker breaching a network and its owner observing the intrusion is generally a period of 205 days." During that time, hackers can do indefinable damage to the business and the customers.
Implementing a strong security feature can be excessively expensive for the corporation making the investment. Using a cloud service provider can remove the large, up-front capital expenditures attached to top-of-the-line cybersecurity events.
• Strong Firewall which has the capability to monitor granular basis the file packets do traverse between source, destination.
• Intrusion Detection Systems (IDS) with proper Event-logging feature.
• Data at rest encryption and Data in transit encryption • Internal firewall to safeguard the individual applications and the databases.
• Maintaining strong security at the data centers to avoid incurring threats through inside attackers. Tight monitoring is expected through CCTV monitoring, Biometric security controls and through armed security patrols throughout the time.
However, it's vital for businesses to make sure that the cloud service provider has the right security features for their cloud infrastructure.
When researching cloud service providers, check for the following 5 must-have cloud computing security features and services:

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 15
Besides the obvious benefits of using Cloud, there are few of the specific benefits offered by Cloud Computing Solutions are listed below: • Bring Your Own Device (BYOD). If the users have access to an Internet connection, they can use any device to access the applications deployed in the Cloud Infrastructure.
• Cloud-based file storage solution provides a better and safer alternative as compared to storing data to unsecured removable media or sending details via the email address.
Nowadays, any sensitive data can be uploaded via secured file transfer or secured email which no one other than the intended recipients can review or do anything.

Making Cloud Computing Governance Strategy Work [16]
The cloud needs a strict governance body that can deal with standardization of services and other Many organizations also use a kind of service catalog as a record of IT services. This should be further extended to the cloud. The catalog may include evidence such as

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 16
• Whom to contact with regards to a service?
• Who has the right authority to change the service?
• Which critical applications are related to which service?
• Outages or any other incidents related to any service?
• Documentation of all agreements among IT and the customer or service users?
Cloud Computing Governance Principles [17] Cloud computing governance to be based upon the following principles. They may be applied across the cloud lifecycle starting cradle to grave [17]. • Conform with laws, regulations, and external policies concerning the collection, retention, and management of data with access to all stakeholders to applicable rules.

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 17
• Be detailed for all the architectural layers and applicable to all the stakeholders in the cloud ecosystem.
• A feasible exception plea processes must be in place to discourse any special circumstance. Stakeholders must represent the viewpoints of: • Key roles such as cloud service consumers, providers, integrators, developers, etc.
• Crucial business functions like finance, legal, etc.

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 18
A process for resolution of arguments among cloud service company providers must be in place. help the end users' access to virtualized desktops and the applications in the VDI. The overall ecosystem is broadly known as the Thin Client model. The kind of flexibility, agility, security, and supportability which this computing model offers are the major source of reason to be adopted rousingly in the digital age. It further lessens administrative workloads because tasks such as security plans and policies; and software upgrades can be applied at the data center. This results in fewer downtime and increases productivity amongst both the IT department and to the end users.
Virtualization supports all three major platforms of cloud computing resources such as private, public and hybrid. IT can associate Thin Client solutions with cloud computing to attain the required performance in VDI. The extraordinary capability and IT capacity of Thin Clients utilize the data-intensive characteristics of cloud computing through running complex applications. Though this smart approach, it is possible to deliver more scalable services through smart software tools and networking solutions.

Cloud Security Governance [19]
It refers to the management model that helps in delivering effective and efficient security management and operations in the cloud environment to attain the enterprise's business targets.
This model integrates a hierarchy of executive mandates, performance expectations, operational practices, and metrics that result in delivering the optimization's business value for an enterprise.
Cloud security governance technique answers a few leadership questions such as:

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 20
• Does our security investment produce the desired returns?
• Are we aware of our security risks and business impact?
• Are we increasingly dropping our security risks to the satisfactory levels?
• Are we able to establish a security-aware culture and mindset within the enterprise?
The strategic arrangement, value distribution, risk mitigation, effective use of resources, and measuring the performance are some of the key purposes of the IT governance model. It is important to recognize the operational culture and business and customer profiles of an enterprise to successfully pursue and achieve these objectives so that an effective security governance model can be customized for the enterprise.
In order to build a robust cloud security governance model for an organization, it requires strategic-level security management capabilities in conjunction with the usage of right security standards and frameworks such as NIST, ISO, CSA, ENISA, COSO, ISACA and the implementation of a governance framework such as COBiT, ITIL, ValIT.
The immediate first step is to understand the overall governance construction, inherent components. A governance framework delivers referential leadership and best practices for setting up the governance model for security in the cloud. Suitable security standards and a governance framework are needed to be chosen based on the organizations' business objectives, targets, customer portfolio, and responsibilities for safeguarding data and other information possessions in the cloud environment.

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 21
With the benefits of cloud computing enterprises do not need to focus any longer to the IT services, rather they can focus more on the core business to increase the business. Since Cloud providers only host the hardware, infrastructure and software resources, the enterprise does not have to think about capital expenditure. Though the benefits of Cloud, the company can invest more in line with the business goals, objectives and focus on the core products, services, and Operations. Among the benefits of the Cloud, significantly there are IG threats and concerns which are described below.
• Short of clarity about ownership of information • Managing records at the file level are not possible yet.
• Dealing with large failure and downtime associated with any cloud provider.
• Implementing legal holds during the situation of any litigation.
• Lack of Records Management functionality with most of the cloud-based applications.
• Limited capability to confirm that the cloud provider meets the duties to follow rules related to the governance of the information.
• Following countrywide data protection laws and rules such as GDPR [20], "personal information and important data protection system" defined by the Chinese government.
• Jurisdiction and political matters that may stand up since the cloud provider exist in outside of the organizations' geographic area.

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 22
Comparison of Cloud Computing Security Governance Frameworks Here is a set of guidelines defined which are aimed at helping the organization leverage cloud computing in a way to meet the business objectives without compromising the overall IG profile.
• Define the business objectives first. After that select the appropriate cloud provider which can meet the business objectives.
• During the project documentation phase, identify the appropriate roles and responsibilities related to the system and document the same way with details for any internally focused systems. Appropriately designed and managed multi-tenant services can act even more securely than the traditional on-premise infrastructure as the vendor has the full sovereignty to the system.
Likewise, that discrete condominium units can be constructed in a secure manner with hard walls and robust locks in a shared community/infrastructure, multi-tenant cloud services can also be designed to partition user data and protect it against internal and external security threats and failures.

Conclusions and Future Study
Cloud computing acceptance is on the rise every year, and it doesn't take long to see why.
Enterprises know and recognize the cloud computing benefits and understand how they influence their bottom-line (production, collaboration, security, and revenue). By adopting a cloud-based solution, an enterprise can stop a lot of problems that wave the organizations by relying on traditional on-premises infrastructure. Cloud implementation increases every year since companies understand that technology offers them access to outstanding enterprise technology.
And, implementing a cloud solution today, may bring the organization ahead of the competitors. Now if the organization is leaned more towards the public, private or hybrid cloud is a substance of individual choice. One can only achieve the desired result when service providers guarantee reliability, elasticity, scalability, and billed usage. An organization's board and members are responsible and accountable to shareholders, regulators, and customers for designing and developing a suitable framework of standards, procedures, and activities that, together, make

INFORMATION GOVERNANCE FOR THE IMPLEMENTATION OF CLOUD COMPUTING 26
certain the organization is benefited securely from Cloud computing. Additionally, organizations must acclimate their existing IT governance to include cloud computing. IT organizations must show leadership to endorse information security governance, overwhelm user resistance, and develop a sound ethical framework that promises independence from external compulsion.