Cloud Security Abstract –
This article discusses the importance of understanding Cloud Security Due Diligence and level of effort required for mitigating risks that third-party cloud services (software-as-a-service, infrastructure-as-a-service, and platform-as-a-service) represent to an organization. Depending on the service, it may not be possible to conduct a thorough, direct assessment of the services, which is necessary to ensure securing the organization’s data. To overcome this lack of ability, organizations can default to developing a technology survey that asks questions that are considered important security factors. Additionally, organizations may be able to rely on external auditing firms that attest to the provider’s level of security and internally developed surveys.
Organizations look to move to the cloud to meet various needs that are met by vendors and developers that offer solutions. However, the security provided by the vendors and developers is not necessarily equal. It is important for organizations to understand how their data is being stored and processed by the cloud solution. To do this, it is recommended that security organizations present a survey to the provider that can be used by the business to determine if a given solution is secure enough to meet its needs. In some cases where the cloud service processes financial transactions, it may be necessary to obtain a third-party attestation that validates the security claims the developer/ vendor has in place. It is necessary that the organization do due diligence in protecting the data in the cloud when using cloud-based solutions.
Click the link below to read the full white paper by Chris Wolski
Check out more Cyber security News and Tips Here