Data analytics has helped to revolutionise measurement, assessment and monitoring of risks, effectiveness of controls. Data Analytics is among the top priorities for auditors and risk managers.

In the dynamic world of cloud computing traditional audit approach, which is based on physical reviews and sampling is not effective. Lack of physical visibility of public cloud infrastructure impacts traditional data center audit approach.

There are many cloud service provider (CSP) and third party tools in the market for measuring cloud performance, security metrics and operational intelligence. These tools provide the ability to analyse massive machine generated data with intuitive visual presentations.

CASBs can be used to provide customised dashboards to support analytics required for risk management

Auditing new risks in cloud computing SaaS, PaaS and IaaS  models require identifying new Key Risk Indicators (KRI’s), Security Attributes and Control Points.  Cloud Consumers may have Security Operation Centers (SOCs) set up to monitor security events (SIEMs).

New opportunities are open to audit and compliance stakeholders to leverage cloud to audit cloud with its rapid elasticity (start with small GRC automation environment in cloud and grow) and pay per use characteristics.