Cloud Computing Strategies for the CIOEmail Alerts
-
ENISA offers governance guide for cloud computing contracts
European agency provides framework for monitoring cloud provider security after a contract is signed. News | 04 Apr 2012
-
How CloudFlare’s website service protected LulzSec
The LulzSec hacking group signed used CloudFlare to protect its website. CloudFlare CEO Matthew Prince shared how the service defended the site against attacks. News | 07 Mar 2012
-
Plan ahead for cloud computing breaches in cloud contracts, experts say
Organizations need to plan ahead for possible cloud breaches, legal experts advise. News | 29 Feb 2012
-
Cloud computing security issues on tap at RSA Conference 2012
Data privacy, cloud security standards among the topics to be discussed. News | 16 Feb 2012
-
Panel debates cloud computing governance issues
Problems with data governance in the cloud aren’t much different than traditional outsourcing. News | 27 Jan 2012
-
Cloud availability and resiliency: Planning for failure
Gartner advises companies to take responsibility for cloud service resiliency. News | 29 Jul 2011
-
Cloud computing contracts and security’s role
Security teams need to be involved in the contract process to ensure data security provisions are included. News | 21 Jun 2011
-
Shabby cloud computing SLAs and other cloud security mistakes
Security consultant offers up list of missteps companies should avoid in cloud security. News | 02 Jun 2011
-
Terremark on cloud computing risks, legal subpoenas
Mario Santana, vice president of secure information services, talks about security risks unique to the cloud, how Terremark addresses them, and how it responds to subpoenas. News | 22 Mar 2011
-
Cloud computing compliance: Visibility key
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say. News | 17 Feb 2011
- See More: News on Cloud Computing SLAs and Legal Issues
-
Demystifying the Patriot Act: Cloud computing impact
An examination of the rules for federal data access shows that it’s actually a complex, difficult process. Tip
-
Are cloud providers HIPAA business associates?
Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage. Tip
-
The proposed EU data protection regulation and its impact on cloud users
Cloud customers and cloud providers would face stricter data security requirements under draft European regulation. Tip
-
Stepping carefully into health care cloud computing
Health care providers must plan any cloud migration carefully to protect patient safety and maintain HIPAA compliance. Tip
-
Cloud contracts: Cloud computing pricing
The unpredictability of cloud service pricing can make budgeting difficult for CIOs and CISOs. Tip
-
Planning for cloud e-discovery: functions and procedures
Companies need to plan ahead for how they will gather evidence in the cloud. Tip
-
E-Discovery Cloud Considerations
What happens if your company needs to preserve evidence stored with a cloud provider? Tip
-
Cloud risk assessment: Data center security and resiliency
How do you determine if a cloud provider’s data center has the level of redundancy and resiliency your company needs? Tip
-
Cloud risk management: Managing the risk of cloud outages
Companies need to prepare for the eventuality of cloud service interruptions. Tip
-
Cloud computing contracts and cloud outages
An examination of what cloud providers offer customers in the event of service interruption. Tip
- See More: Tips on Cloud Computing SLAs and Legal Issues
-
Soc 3 (Service Organization Control 3)
A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls in security, availability, processing integrity, confidentiality or privacy. Definition
-
Soc 1 (Service Organization Control 1)
A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements. Definition
-
SSAE 16
SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service compan... Definition
-
CloudAudit
CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks. The specification provides a standard way to present and share detailed, automated statistics about performan... Definition
-
Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) is a nonprofit organization that promotes best practices for securing cloud computing and provides information on the ability of cloud computing to secure other forms of computing. The industry group also provides se... Definition
-
David Navetta on cloud computing contracts, cloud computing breaches
In this video interview at RSA Conference 2012, David Navetta, founding partner of the Information Law Group, talks about key issues with cloud contracts. Video
-
Podcast: Ensuring security in a SaaS contract
In this interview, Mike Hamilton, CISO for the city of Seattle, talks about the city’s SaaS toolkit and how it ensures the SaaS it buys is secure. Podcast
-
Demystifying the Patriot Act: Cloud computing impact
An examination of the rules for federal data access shows that it’s actually a complex, difficult process. Tip
-
ENISA offers governance guide for cloud computing contracts
European agency provides framework for monitoring cloud provider security after a contract is signed. News
-
Soc 3 (Service Organization Control 3)
A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls in security, availability, processing integrity, confidentiality or privacy. Definition
-
Soc 1 (Service Organization Control 1)
A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements. Definition
-
SSAE 16
SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service compan... Definition
-
David Navetta on cloud computing contracts, cloud computing breaches
In this video interview at RSA Conference 2012, David Navetta, founding partner of the Information Law Group, talks about key issues with cloud contracts. Video
-
How CloudFlare’s website service protected LulzSec
The LulzSec hacking group signed used CloudFlare to protect its website. CloudFlare CEO Matthew Prince shared how the service defended the site against attacks. News
-
Plan ahead for cloud computing breaches in cloud contracts, experts say
Organizations need to plan ahead for possible cloud breaches, legal experts advise. News
-
Cloud computing security issues on tap at RSA Conference 2012
Data privacy, cloud security standards among the topics to be discussed. News
-
Are cloud providers HIPAA business associates?
Deciding whether your cloud provider is a business associate comes down to a judgment call based on the type of cloud usage. Tip
- See More: All on Cloud Computing SLAs and Legal Issues
About Cloud Computing SLAs and Legal Issues
Service level agreements are critical when working with a cloud service provider to ensure enterprise security and compliance requirements are fulfilled and security responsibilities are clearly delineated. Find tips on negotiating cloud computing SLAs that protect your organization. Also learn about cloud computing legal issues in hosted environments such as data location and contract termination.