
Four steps for minimising cloud deployment risks

Companies are no longer tolerant of security-and-compliance teams telling them they cannot go to the cloud: instead risk teams must learn how to adapt to the cloud environment. This is the view of John Overbaugh, managing director of Security Services at Caliber Security Partners.

Writing for http://www.isaca.org, Mr. Overbaugh suggests four steps for organizational risk leaders to follow to help their companies adopt cloud technologies while minimizing overall risk:

1. Adopting and adapting application-security-assessment tools. Questionnaires for cloud services need to go beyond the standard set of questions and dig into important questions like framework compliance, monitoring/reporting, and even secure-development practices. By devising (or revising) questionnaires that help uncover where risk will be transferred successfully, where the client will need to mitigate risk, and where risk will be accepted, teams enable their companies to benefit from cloud efficiencies while retaining relevance in the conversation.

2. Recognizing that going to the cloud has benefits. Yes, it involves some transfer of risk, for instance, physical access control and disaster recovery. And other data center controls traditionally owned by the company get transferred to the cloud provider. But these risk transfers should not be made blindly. Cloud customers should have their providers document how they manage these risks and attest to or provide appropriate proof of compliance. In the end, the transfer of these risks can often be financially advantageous.

3. Redefining controls required for risk mitigation. In IaaS and PaaS environments, controls such as encryption-at-rest are absolutely required for sensitive data. (In many organizations, data-at-rest has been ‘overlooked’ because data centers provide compensating controls that prevent physical access to sensitive data.) Strict controls on administrative access to systems and resources need to be implemented and validated regularly to ensure cloud providers are not able to gain unauthorized access. In SaaS environments, strong monitoring and reporting tools must be made available to the client for the very same reason.

4. Educating IT and business leaders on risks being accepted. Risk managers are, by nature, extremely risk averse and the idea of accepting risk is a scary one. But businesses accept risk all the time (often unknowingly). By identifying risk and alerting leaders, risk managers can help the business put risk into business contexts so leaders can make informed decisions.

Read the full article here.

• Date: 12th February 2014 • World • Type: Article • Topic: Cloud computing
