One of the great unknowns about cloud computing is the level of security associated with a cloud platform. To address this issue, Agiliance has launched Cloud Risk Management, a service that IT organizations can deploy on their own private cloud infrastructure or on the IT infrastructure of a public cloud computing provider.
According to Agiliance CEO Joe Fantuzzi, the standard for assessing the risks in cloud computing platform is SAS 70, which Fantuzzi says does little to address risk and security issues.
Cloud Risk Management consists of three modules for assessing vulnerabilities, ongoing monitoring and auditing. The first two modules are available now, while the auditing module is awaiting some ratification of a set of cloud computing auditing guidelines being developed by the Cloud Security Alliance.
Fantuzzi says that when a IT organization moves to a private and public cloud infrastructure running virtual machine software, visibility over governance, risk management and compliance (GRC) issues diminishes greatly. As a result, Fantuzzi says the divide between IT operations and security information management becomes even wider.
While there are no formal processes for auditing cloud computing platforms, Fantuzzi says that the Agiliance service will go a long way toward not only providing some real world information about a platform's level of cloud readiness, but for the first time some real transparency into the operations of a cloud computing provider as it relates to GRC.
The price of the Cloud Risk Management service starts at $37,500 a year.