Transparency and Continuous Monitoring
Every cloud service is run by human beings, regardless of the level of automation, and without question, humans will make mistakes. Sometimes these mistakes will violate compliance requirements and open up a vulnerability or attack vector. If your provider only audits annually for compliance, this could present a very big risk. This risk is best addressed by continuous monitoring technologies. Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. These tools will identify changes to the environment that create threats or violate compliance standards in near real time. Ask your vendor(s) what tools they use for continuous monitoring and what their policies are for notifying customers of noncompliance events and incidents. Also ask about compliance services for monitoring your VMs and data in addition to the infrastructure.
5 Ways to Keep Mission-Critical Data Safe in the Cloud
5 Ways to Keep Mission-Critical Data Safe in the Cloud
Before any company moves to the cloud, an inevitable question is asked: Will our data be secure? A 2014 IBM study found that while 85 percent of chief information security officers (CISOs) believe their company's move to the cloud is imminent, more than 40 percent also believe a significant security breach will happen at a major cloud provider.
As businesses shift their mission-critical workloads to the cloud, IT departments are tasked with not only managing company data, but also securing it. Choosing a cloud service provider that fits your security strategy is key. IT Business Edge recently spoke with Sean Jennings, co-founder and SVP of solutions architecture at Virtustream, who shared five cloud security and compliance tips for IT leaders as they transition their companies to the cloud.
