Sorry, no posts matched your criteria.
Harun Al Rasyid, President of ISACA Indonesia Chapter 2025–2027, delivers a presentation on optimizing COBIT for cloud governance using an internal control approach during a public lecture hosted by the Department of Information Technology, ITS.
Surabaya, IT Journalistic — On Thursday morning, Institut Teknologi Sepuluh Nopember (ITS) hosted a public lecture that bridged academic perspectives with industry practices in information technology governance. The Department of Information Technology (DTI) ITS organized a public lecture titled “Optimizing COBIT for Cloud Governance Using an Internal Control Approach,” attended by students from various academic years as well as members of the public. The topic of cloud security and governance has become increasingly relevant as the demand for skilled professionals in this field continues to grow alongside Indonesia’s rapid digital transformation.
The main attraction of the event was the distinguished guest speaker, Harun Al Rasyid, President of ISACA Indonesia Chapter for the 2025–2027 term and Founder & Partner of Inditech (PT Insan Dikara Technology). Drawing upon more than two decades of experience in the IT industry and numerous professional certifications—including CISA, CDPSE, CEH, COBIT 2019, ISO 27001 Lead Auditor, and ISO 42001 Lead Implementer—he guided participants through the principles of managing cloud services in a way that is measurable, secure, and accountable.
The discussion was moderated by Deka Julian Arrizki, S.Kom., M.Kom., who ensured an engaging and interactive session throughout the event.
Participants attend the public lecture “Optimizing COBIT for Cloud Governance Using an Internal Control Approach,” featuring an interactive discussion on cloud governance and security practices.
The lecture opened with an overview of the rapidly expanding global cloud computing market. According to the data presented, the global cloud computing market is projected to grow from approximately USD 753 billion in 2024 to more than USD 5.15 trillion within the next decade. The information technology and telecommunications sector remains the largest contributor, accounting for around 23.7 percent of the market share.
Despite these promising figures, Harun emphasized that Indonesia faces unique challenges in cloud adoption. Issues such as data sovereignty, shortages of cloud-skilled talent, bandwidth limitations, security concerns, cost considerations, and dependence on a single provider (vendor lock-in) continue to hinder broader implementation. He stressed that cloud migration should not be viewed solely as a technical endeavor; governance aspects are often the determining factor in its success.
One of the most engaging parts of the lecture focused on the Three Lines Model (3LoM) developed by The Institute of Internal Auditors. Harun explained that governance initiatives can only succeed when responsibilities are clearly defined.
The first line is directly responsible for operational risks, the second line oversees risk management and compliance frameworks, while the third line provides independent assurance through internal audits. Although these three lines should collaborate closely, he highlighted the importance of maintaining distinct roles and responsibilities.
Harun also discussed the shared responsibility model between Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs). He explained that the distribution of responsibilities varies depending on the service model: customers bear greater responsibility in Infrastructure as a Service (IaaS), responsibilities are more balanced in Platform as a Service (PaaS), and providers assume a larger share in Software as a Service (SaaS). Therefore, clearly defining responsibilities in contractual agreements is essential.
The core of the lecture examined the implementation of COBIT 2019 as a framework for cloud governance. Harun described the framework’s 40 governance and management objectives—consisting of five governance objectives within the EDM domain and 35 management objectives across APO, BAI, DSS, and MEA domains—and connected them to the cloud reference architecture defined in ISO 22123-3:2023 and risk management processes.
Participants were guided through governance workflows covering risk identification, assessment, treatment, monitoring, reporting, and continuous improvement. Common cloud-related risks—including data breaches, misconfigurations, non-compliance with Indonesia’s Personal Data Protection Law and GDPR, as well as vendor lock-in—were mapped to relevant COBIT controls and accountability structures.
To illustrate practical implementation, Harun presented a PaaS governance case study utilizing AWS Organizations and monitoring services such as CloudTrail, Config, and Security Hub.
When participants inquired about future career prospects, Harun emphasized the wide range of opportunities available within cloud governance.
First-line roles include Cloud Engineer, DevOps Engineer, Site Reliability Engineer (SRE), and SOC Analyst. Second-line positions include Risk Manager, GRC Analyst, Cloud Security Architect, and Chief Information Security Officer (CISO). Meanwhile, third-line functions encompass careers such as IT Auditor, Cloud Auditor, and Penetration Tester.
To pursue these career paths, he encouraged students to strengthen their foundations in AWS, Azure, and Google Cloud Platform (GCP), while also developing skills in Python, Terraform, Kubernetes, ISO 27001/27017, and COBIT 2019.
According to Harun, these competencies are closely linked to the vision of Indonesia Emas 2045, when Indonesia is expected to become one of the world’s top 20 digital economies and require more than 15 million digital talents. He concluded by emphasizing that cloud computing is fundamentally about trust, and today’s young generation has the opportunity to become the guardians of that trust.
The audience remained highly engaged throughout the question-and-answer session. Most questions focused on how students can prepare themselves during their university years, which certifications should be prioritized, and the differences between operational, governance, and audit-related career paths.
This public lecture aligns with DTI ITS’s commitment to supporting the Sustainable Development Goals (SDGs), particularly Quality Education (SDG 4) by connecting students directly with national industry practitioners, and Industry, Innovation, and Infrastructure (SDG 9) by introducing modern cloud governance frameworks and technologies.
Reporter : Nisrina Bilqis
=================================================================
Information provided by :
Department of Information Technology
Website: its.ac.id/it
Instagram: its_teknologi_informasi
Youtube: Teknologi Informasi ITS