GRC in the Era of Cloud-Computing in Australia.

The transition to utilising cloud-based solutions enables businesses to enhance scalability and flexibility in their operations. It also brings with it considerable GRC and ESG challenges. The largest proposed changes to the Australian Privacy Act 1988 will be tabled in Parliament this August regarding data breaches and potential related fines. Some of the changes include:

Attorney General Mark Dreyfus stated during a speech at CyberCX 2024 during the Privacy by Design Awards on May 2 that the government is also considering requiring entities to have minimum and maximum data retention periods for personal data and ensuring these are stated in their privacy policies. Additionally, many Australian businesses must comply with the GDPR and other international data privacy regulations. Being able to perform GRC and ESG with the scalability and flexibility required of cloud-based computing will require businesses to adopt the use of SaaS-based GRC, ESG, and cyber security solutions.

Risk management in a cloud-first world is also a concern. It will require businesses to consider the inherent risks of cloud-based computing, data breaches, compliance challenges, and loss of control of IT operations. To deal with these challenges, a robust management strategy will need to be developed to ensure that cloud-specific risks are added to the risk management frameworks. Ensuring regular assessments of cloud security best practices and clear communications with cloud-based service providers is essential. By ensuring best cloud-based practices are revisited and clear, open communication with cloud-based providers is maintained, Australian businesses will be able to mitigate the risks and receive the ability to innovate and thrive within the cloud.

GRC has become intrinsically linked to corporate social responsibility (CSR) and sustainable business practices within Australia and internationally. Many Australian businesses use cloud-based computing not just for operations but also to meet their CSR and sustainability commitments. This approach helps minimise their carbon footprint by reducing direct energy usage and e-waste generation. Cloud-based services also allow businesses to scale up and down their indirect energy requirements based on the demand for their IT operations. The cloud also offers the opportunity to monitor and collect ESG data and automate reporting, making it easier for organisations to meet their regulatory obligations. The cloud must be viewed with some scrutiny, however, as it relies on vast data centres to function. In 2020, 3–4% of the world’s global emissions came from the digital sector and 1% from data centres. It will be up to Australian businesses to communicate with their cloud provider as to what they are doing to ensure that their provider is working towards using renewable energy to power their data centres, reducing water usage and e-waste from their data centres. This is especially important with IFRS S1 and S2-influenced reporting becoming mandatory, requiring them to consider the impacts of cloud services on their supply chains.

During the cloud-first era, Australian businesses face challenges in meeting GRC requirements. Businesses are effectively addressing these challenges by incorporating efficient risk management, cloud best practices, SaaS cybersecurity, ESG, and GRC solutions, like we at Sustainable. IT can provide through our partnerships. The implementation of cloud-based IT infrastructure has also brought the opportunity for Australian businesses to innovate, meet rapidly changing marketing demands, and improve CSR and environmental sustainability.

Transitioning to cloud solutions enhances operational scalability and flexibility, but introduces GRC and ESG challenges. Effective risk management and sustainable practices are vital for compliance and innovation.