-
Are cloud providers HIPAA business associates?
Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage. Tip
-
Eye On: Cloud Compliance
SearchSecurity.com's "Eye On" series looks at the emerging compliance issues due to the explosion of enterprise adoption of cloud computing services. News | 23 Jan 2012
-
FedRAMP cloud computing standards initiative spurs optimism, criticism
Federal cloud security framework aims to speed cloud security assessments and agency cloud adoption. News | 12 Jan 2012
-
Stepping carefully into health care cloud computing
Health care providers must plan any cloud migration carefully to protect patient safety and maintain HIPAA compliance. Tip
-
NIST guidance cites cloud security gaps, need for standards
The NIST roadmap was designed to foster government cloud adoption but is helpful for private businesses as well. Tip
-
Cloud Controls Matrix
The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider. Definition
-
Cloud risk management: CSA on its Cloud Controls Matrix
Co-chair of CSA project talks about the CCM and how organizations can leverage it. News | 03 Oct 2011
-
E-Discovery Cloud Considerations
What happens if your company needs to preserve evidence stored with a cloud provider? Tip
-
Amazon launches U.S. government cloud
AWS GovCloud supports ITAR compliance requirements. News | 17 Aug 2011
-
Cloud computing and health care DR planning
Downtime is bad for any company, but in health care it can have devastating consequences. Understand how the cloud impacts your disaster recovery plans. Tip
- VIEW MORE ON : Regulations
-
CSA launches cloud security certification initiative for service providers
Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification. News | 10 May 2012
-
Trusted Cloud Initiative
The Trusted Cloud Initiative is a program of the Cloud Security Alliance industry group created to help cloud service providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and practices. Definition
-
SSAE 16
SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls. Definition
-
Tim Rains on cloud computing security standards, provider transparency
In this video from RSA Conference 2012, Microsoft’s Tim Rains talks about emerging cloud security standards efforts and customers’ need for visibility into cloud provider security. Video
-
CSA at RSA 2012: International cloud computing security standards needed
Cloud providers and security experts discuss need for uniform rules that apply across international boundaries. News | 27 Feb 2012
-
Development of NIST cloud security guidelines a complex process
Several public-private partnerships are working to develop specifications to support the NIST roadmap. Tip
-
Using SSAE 16 standard, SOC reports to assess cloud provider security
The SAS 70 report has been replaced by the SSAE 16, but how does it stack up as a tool to measure a provider’s security? Tip
-
Cloud computing security issues on tap at RSA Conference 2012
Data privacy, cloud security standards among the topics to be discussed. News | 16 Feb 2012
-
FedRAMP cloud computing standards initiative spurs optimism, criticism
Federal cloud security framework aims to speed cloud security assessments and agency cloud adoption. News | 12 Jan 2012
-
Federal officials launch cloud computing security standards initiative
FedRAMP establishes standard approach for federal agencies to assess cloud providers. News | 08 Dec 2011
- VIEW MORE ON : Standards
-
Demystifying the Patriot Act: Cloud computing impact
An examination of the rules for federal data access shows that it’s actually a complex, difficult process. Tip
-
Soc 3 (Service Organization Control 3)
A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls in security, availability, processing integrity, confidentiality or privacy. Definition
-
SSAE 16
SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls. Definition
-
Soc 1 (Service Organization Control 1)
A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements. Definition
-
ENISA offers governance guide for cloud computing contracts
European agency provides framework for monitoring cloud provider security after a contract is signed. News | 04 Apr 2012
-
David Navetta on cloud computing contracts, cloud computing breaches
In this video interview at RSA Conference 2012, David Navetta, founding partner of the Information Law Group, talks about key issues with cloud contracts. Video
-
How CloudFlare’s website service protected LulzSec
The LulzSec hacking group used CloudFlare to protect its website. CloudFlare CEO Matthew Prince shared how the service defended the site against attacks. News | 07 Mar 2012
-
Plan ahead for cloud computing breaches in cloud contracts, experts say
Organizations need to plan ahead for possible cloud breaches, legal experts advise. News | 29 Feb 2012
-
Cloud computing security issues on tap at RSA Conference 2012
Data privacy, cloud security standards among the topics to be discussed. News | 16 Feb 2012
-
Are cloud providers HIPAA business associates?
Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage. Tip
- VIEW MORE ON : Negotiating and SLAs
-
PCI virtualization compliance still a challenge
No black and white when it comes to PCI compliance in virtualized environments, experts say. News | 09 May 2012
-
PCI virtualization compliance: Three steps for PCI compliance in the cloud
PCI compliance in the cloud is tough, but implementing these strategies can help. Tip
-
PCI in the cloud: Segmentation, security compliance is possible, experts say
Merchants are ultimately responsible for locking down credit card data and maintaining PCI compliance, according to experts. News | 20 Jan 2012
-
Private cloud computing security issues
Don’t overlook the risks of private cloud deployments. Here are five security issues to consider. Tip
-
Cloud Controls Matrix
The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider. Definition
-
PCI and cloud computing: Cloud computing compliance guide
This SearchCloudSecurity.com cloud computing compliance guide discusses several aspects of PCI and cloud computing, including virtualization in the cloud, what you need to know about compliance and cloud providers, Web security in the cloud and log management. Tutorial
-
PCI DSS Requirements for Cloud Computing
Find resources related to PCI cloud computing issues, including how to ensure your company meets PCI DSS requirements when working with a cloud provider. Tutorial
-
What the PCI virtualization guidance means for PCI compliance in the cloud
The PCI council’s recent guidance on virtualization shows that PCI compliance is a shared responsibility in the cloud. Tip
-
PCI virtualization report cites challenges with PCI compliance in the cloud
Compliance with the PCI security standard tricky in public cloud environments, report says. News | 15 Jun 2011
-
PCI virtualization: New guidelines, harder compliance
New guidelines on virtualization issued by the PCI SSC show PCI compliance is possible within a virtualized environment, but may not be feasible. News | 14 Jun 2011
- VIEW MORE ON : PCI and the Cloud
-
CSA launches cloud security certification initiative for service providers
Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification. News | 10 May 2012
-
Soc 2 (Service Organization Control 2)
Service Organization Control 2 (Soc 2) reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. Definition
-
Countering cloud computing threats: Malicious insiders
Learn the questions to ask in order to vet your cloud provider’s hiring practices and administrative controls. Tip
-
HIPAA cloud computing advice: Ensuring cloud computing compliance
How can an enterprise ensure their cloud service provider is compliant with HIPAA? This HIPAA cloud computing guide offers advice on how to ensure cloud computing compliance. Tutorial
-
CSP security: Industry groups work to improve cloud transparency
Organizations need insight into their cloud providers’ security. Industry groups are tackling the cloud transparency challenge. Tip
-
Jim Reavis on cloud transparency, cloud security trends
In this video from RSA Conference 2012, CSA Executive Director Jim Reavis talks about the group’s projects and building cloud security trust. Video
-
Development of NIST cloud security guidelines a complex process
Several public-private partnerships are working to develop specifications to support the NIST roadmap. Tip
-
Security, Trust and Assurance Registry (STAR)
The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls. Definition
-
Using SSAE 16 standard, SOC reports to assess cloud provider security
The SAS 70 report has been replaced by the SSAE 16, but how does it stack up as a tool to measure a provider’s security? Tip
-
Panel debates cloud computing governance issues
Problems with data governance in the cloud aren’t much different than traditional outsourcing. News | 27 Jan 2012
- VIEW MORE ON : Evaluating Providers
-
Soc 1 (Service Organization Control 1)
A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements. Definition
-
HIPAA cloud computing advice: Ensuring cloud computing compliance
How can an enterprise ensure their cloud service provider is compliant with HIPAA? This HIPAA cloud computing guide offers advice on how to ensure cloud computing compliance. Tutorial
-
Verizon sheds some light on cloud breaches
Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities. News | 28 Mar 2012
-
Security pros need to get in front of cloud computing trend, RSA panel says
Security teams need to innovate and adapt to cloud, according to CISO panel. News | 29 Feb 2012
-
Cloud outages and cloud computing breaches: Lessons learned
Recent incidents illustrate the need for redundancy and provider security reviews. Tip
-
Cloud computing risk management: Assessing key risks of cloud computing
This guide discusses cloud computing risk management: how to prepare for cloud outages, conduct a cloud risk assessment, and evaluate cloud providers. News | 22 Nov 2011
-
Coviello talks about building a trusted cloud, resilient security
Security needs to change in order to defend against targeted attacks, RSA chairman says. News | 16 Nov 2011
-
Researchers uncover AWS security vulnerabilities
Amazon says vulnerabilities were fixed and no customers were affected. News | 27 Oct 2011
-
Planning for cloud e-discovery: functions and procedures
Companies need to plan ahead for how they will gather evidence in the cloud. Tip
-
Cloud computing and health care DR planning
Downtime is bad for any company, but in health care it can have devastating consequences. Understand how the cloud impacts your disaster recovery plans. Tip
- VIEW MORE ON : Incident Response