Big Data, Unstructured Data, and the Cloud: Perspectives on Internal Controls

  • David SimmsEmail author
Part of the Modeling and Optimization in Science and Technologies book series (MOST, volume 4)


The concepts of cloud computing and the use of Big Data have become two of the hottest topics in the world of corporate information systems in recent years. Organizations are always interested in initiatives that allow them to pay less attention to the more mundane areas of information system management, such as maintenance, capacity management, and storage management, and free up time and resources to concentrate on more strategic and tactical issues that are commonly perceived as being of higher value. Being able to mine and manipulate large and disparate datasets, without necessarily needing to pay excessive attention to the storage and management of all the data that are being used, sounds in theory like an ideal situation. A moment’s consideration reveals, however, that the use of cloud computing services, like the use of outsourcing facilities, is not necessarily a panacea. Management will always retain responsibility for the confidentiality, integrity, and availability of its applications and data, and being able to develop the confidence that these issues have been addressed. Similarly, the use of Big Data approaches offers many advantages to the creative and the visionary, but such activities do require an appropriate understanding of risk and control issues.


Service Provider Cloud Computing Cloud Service Service Organization Unstructured Data 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Marr, B.: Is This the Ultimate Definition of “Big Data” ?, (accessed September 2, 2013)
  2. 2.
    Bojilov, M.: Big Data Defined. In: ISACA Now (2013), (accessed September 2, 2013)
  3. 3.
    Manyika, J., Chui, M., Brown, B., Bughin, J., Dobbs, R., Roxburgh, C., Hung Byers, A.: Big data: the next frontier for innovation, competition and productivity. McKinsey Global Institute, Washington DC (2011)Google Scholar
  4. 4.
    Blumberg, R., Atre, S.: The Problem with Unstructured Data. DM Review (2003)Google Scholar
  5. 5.
    National Institute of Standards and Technology. The NIST Definition of Cloud Computing. Special Publication 800-145, NIST, Gaithersburg (2011)Google Scholar
  6. 6.
    Committee of Sponsoring Organizations of the Treadway Commission. Guidance on Monitoring Internal Control Systems. AICPA, New York (2009)Google Scholar
  7. 7.
    Krutz, R., Vines, D.: Cloud Security: A Comprehensive Guide to Secure Cloud Computing. Wiley Publishing Inc., Hoboken (2010)Google Scholar
  8. 8.
    Internal Standards Organization. ISO/IEC 27001 Information Technology - Security Techniques – Information Security Management Systems. ISO/IEC, Geneva (2005)Google Scholar
  9. 9.
    National Institute of Standards and Technology, Information Security. Special Publication 800-100. NIST, Gaithersburg (2006)Google Scholar
  10. 10.
    Parker, D.: Toward a New Framework for Information Security. In: Bosworth, S., Kabay, M. (eds.) Computer Security Handbook, 4th edn. John Wiley & Sons, New York (2002)Google Scholar
  11. 11.
    Organisation for Economic Co-operation and Development (2002) OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, (accessed January 8, 2014)
  12. 12.
    Adolph, M.: Distributed Computing: Utilities, Grids and Clouds. ITU-T Technology Watch Report 9, ITU, Geneva (2009)Google Scholar
  13. 13.
    Gantz, J., Reinsel, D.: Extracting Value from Chaos. IDC iView (2011)Google Scholar
  14. 14.
    Information Systems Audit and Control Association, Big Data: Impacts and Benefits. ISACA, Chicago (2013)Google Scholar
  15. 15.
    Bittman, T.: A Better Cloud Computing Analogy. Gartner Blogs (2009), (accessed January 8, 2014)
  16. 16.
    Information Systems Audit and Control Association, Security Considerations for Cloud Computing. ISACA, Chicago (2012)Google Scholar
  17. 17.
    Ghernaouti-Hélie, S., Tashi, I., Simms, D.: Optimizing security efficiency through effective risk management. Paper presented at the 25th IEEE International Conference on Advanced Information Networking and Applications (AINA 2011), Biopolis, Singapore, March 22-25 (2011)Google Scholar
  18. 18.
    American Institute of Certified Public Accountants, Quick Reference Guide to Service Organizations: Control Reports. AICPA, New York (2012)Google Scholar
  19. 19.
    American Institute of Certified Public Accountants, Service Organizations: Reporting on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting Guide. AICPA, New York (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Haute Ecole de CommerceUniversity of LausanneLausanneSwitzerland

Personalised recommendations