Cloud computing is a disruptive technology that has the potential to enhance collaboration, agility, scaling, and availability. However, the confusion, cloudwashing, fear, and general concerns about trust temper the excitement. As described in Gartner’s “Agenda Overview for Cloud Computing, 2014”, balancing the value against the concerns is a key part of any cloud strategy.
The critical threats identified by the Cloud Security Alliance’s Top Threats 2013 include data breaches, data loss, account hijacking, insecure APIs, denial of service, malicious insiders, abuse of cloud services, insufficient due diligence, and shared technology issues.
The risks associated with cloud computing are no different from those applicable to the IT environment within an organization. The difference may originate from the cloud service model, technologies, operations model, and users; in short, the people, process, and technology used in a cloud deployment decide the security requirements.
IrisLogic, with the help of the approach developed by the Cloud Security Alliance, NIST, ISO guidance, PCI, etc., has designed a cloud security controls implementation methodology that fits the organization's needs and business objectives and complies with laws and regulatory compliance requirements. The methodology is risk-based and considers top risks to balance cloud security costs vis-à-vis business goals.
IrisLogic services include:
- Implementing ISO 27001, CSA STAR Certification, NEN 7510, SOC1, SOC2, NIST, etc.
- Cloud compliance for sensitive data – PCI DSS, SOX, GLBA, HIPAA, HITECH, EU Data Protection Directive, FERPA, etc.
- Data privacy and security by design
- Cloud security architecture
- Cloud audits, reviews, and assurance
- Cloud application security
- Compliance with cloud regulations – APEC Privacy Framework, COPPA, Safe Harbor, Personal Data Protection Act (PDPA), etc.