Cloud Computing Strategies for the CIO
Email Alerts
-
Understanding the CSA Cloud Controls Matrix and CAIQ
Diana Kelley explains how the CSA Cloud Controls Matrix and the CAIQ can be used to assess cloud providers' controls and risk models. Feature
-
Assessing the value of cloud security threat intelligence services
Are cloud threat intelligence services worth the investment? Diana Kelley discusses whether they're really needed and eight key assessment questions. Feature
-
Experts: Use tools, research to gauge cloud service provider security
To be successful, cloud service provider security assessments must include honestly communicating about the services they offer, said experts. Feature
-
HIPAA cloud computing advice: Ensuring cloud computing compliance
How can an enterprise ensure their cloud service provider is compliant with HIPAA? This HIPAA cloud computing guide offers advice on how to ensure cloud computing compliance. Tutorial
-
AWS FedRAMP certification fast-tracks Amazon cloud for U.S. government
AWS becomes the biggest cloud provider to earn FedRAMP certification, easing the transition to AWS for U.S. government agencies. News | 23 May 2013
-
CSA offers new initiatives to address SMB cloud security issues
In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs. News | 26 Apr 2013
-
Cloud security panel discusses transparency, Notorious Nine at RSA
A panel of cloud security experts fielded questions on cloud provider transparency, the CSA's Notorious Nine report and more at RSA Conference 2013. News | 01 Mar 2013
-
CSA updates push toward cloud provider security assurance at 2013 CSA Summit
The Cloud Security Alliance expanded its cloud security training and cloud provider security assurance efforts Monday at its 2013 CSA Summit. News | 25 Feb 2013
-
AWS re:Invent 2012 IT pros have few cloud computing security concerns
IT pros praised the security of Amazon Web Services, saying the show eased their cloud computing security concerns. News | 30 Nov 2012
-
AWS cloud security model relies on shared security partnership
At its user conference, Amazon Web Services says customers must understand the implications of its shared security model before moving to the cloud. News | 30 Nov 2012
-
Inaugural AWS re:Invent show to highlight AWS security issues
Amazon CEO Jeff Bezos will headline this week's first-ever AWS re: Invent cloud computing conference, where several sessions will cover security issues. News | 28 Nov 2012
-
Trend Micro issues cloud, mobile security assessment tools
Online assessment tests the security posture, but more detailed guidance documents and reports are available from government agencies and organizations. News | 27 Nov 2012
-
Cloud security begins with the contract, says expert
Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro. News | 21 Nov 2012
-
Cloud security issues will only be solved by user demands, CSA chief says
Enterprises must insist transparency, authentication and other key issues are addressed, said Jim Reavis, executive director of the Cloud Security Alliance. News | 03 Oct 2012
- See more News on Evaluating Cloud Computing Providers
-
Can self-managed cloud security controls ease enterprise concerns?
Expert Dave Shackleford details how enterprises can increasingly manage their own cloud security controls with private virtual cloud offerings. Tip
-
Cloud API security risks: How to assess cloud service provider APIs
The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs. Tip
-
The other cloud atlas: Building a cloud service provider inventory
Struggling with rogue cloud usage? Ed Moyle explains how and why a cloud service provider inventory can help manage multiple cloud service providers. Tip
-
How to overcome unique cloud-based patch management challenges
Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles. Tip
-
Evaluating cloud-based disaster recovery service options
What considerations should be made when adopting a cloud-based disaster recovery service? Expert Dave Shackleford provides guidance. Tip
-
Vertical cloud providers and cloud transparency
An examination of some vertical-specific CSPs shows security details are hard to find. Tip
-
Cloud computing vendor lock-in: Avoiding security pitfalls
Unscrupulous cloud providers can use security controls to make it hard to switch vendors. Know the questions to ask to avoid cloud lock-in. Tip
-
Countering cloud computing threats: Malicious insiders
Learn the questions to ask in order to vet your cloud provider’s hiring practices and administrative controls. Tip
-
CSP security: Industry groups work to improve cloud transparency
Organizations need insight into their cloud providers’ security. Industry groups are tackling the cloud transparency challenge. Tip
-
Development of NIST cloud security guidelines a complex process
Several public-private partnerships are working to develop specifications to support the NIST roadmap. Tip
- See more Tips on Evaluating Cloud Computing Providers
-
Dropbox security concerns: Time to find secure Dropbox alternatives?
Are Dropbox security concerns serious enough to require enterprise users to switch to secure Dropbox alternatives? Expert Michael Cobb discusses. Answer
-
Minimizing cloud computing threats in the enterprise
In this expert response, Nick Lewis outlines the biggest cloud computing threats, and explains what can be done to mitigate those threats. Ask the Expert
-
Soc 2 (Service Organization Control 2)
A Service Organization Control 2 (Soc 2) reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. Definition
-
Security, Trust and Assurance Registry (STAR)
The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls. Definition
-
Cloud Controls Matrix
The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider. Definition
-
cloud computing
A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is sold on demand, typically by the minute or the hour; it is elastic -- a user can have as much or as little of a service as they want at any given... Definition
-
On cloud transparency, providers offering 'too much information'
Video: Cloud Security Alliance COO John Howie discusses improvements in providers' efforts at cloud transparency, including when data crosses borders. Video
-
Eric Chiu analyzes version 2 of the PCI DSS cloud computing guidelines
Video: Eric Chiu, president of HyTrust, examines v. 2 of the PCI DSS cloud computing guidelines and offers guidance on cloud customer responsibility. Video
-
Evaluating cloud providers: Avoid security issues with cloud computing
Are security issues with cloud computing blocking an implementation? Expert Davi Ottenheimer offers tips for evaluating cloud providers for security. Video
-
Video: Founder of Common Assurance Maturity Model on CSP rating system
CAMM founder Raj Samani describes CAMM’s vision of a cloud service provider rating system to match customer organizations with CSPs. Video
-
Jim Reavis on cloud transparency, cloud security trends
In this video from RSA Conference 2012, CSA Executive Director Jim Reavis talks about the group’s projects and building cloud security trust. Video
-
Setting the groundwork for IAM in the cloud
This presentation will provide guidance as to some common answers to questions that arise when extending an IAM program to the cloud. Video
-
Countdown: Top five strategies for building a successful cloud IAM architecture
This podcast will count down the top five steps you should take to successfully extend your identity services infrastructure into the cloud. Podcast
-
Cloud computing pros and cons for regulated data
Has your company considered moving regulated data to the cloud? Expert Richard E. Mackey Jr. explains the pros, cons and security challenges of doing so. Video
-
Gartner’s Neil MacDonald on lacking cloud computing security standards
The Gartner VP discusses lacking cloud computing security standards, as well as advice for enterprises seeking to get a handle on cloud computing security. Video
-
Face-off: Assessing cloud computing risks
Security experts Bruce Schneier and Marcus Ranum debate the kinds of risks associated with cloud computing and whether they should be absorbed by the customer. Video
-
AWS FedRAMP certification fast-tracks Amazon cloud for U.S. government
AWS becomes the biggest cloud provider to earn FedRAMP certification, easing the transition to AWS for U.S. government agencies. News
-
Can self-managed cloud security controls ease enterprise concerns?
Expert Dave Shackleford details how enterprises can increasingly manage their own cloud security controls with private virtual cloud offerings. Tip
-
Cloud API security risks: How to assess cloud service provider APIs
The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs. Tip
-
On cloud transparency, providers offering 'too much information'
Video: Cloud Security Alliance COO John Howie discusses improvements in providers' efforts at cloud transparency, including when data crosses borders. Video
-
CSA offers new initiatives to address SMB cloud security issues
In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs. News
-
Dropbox security concerns: Time to find secure Dropbox alternatives?
Are Dropbox security concerns serious enough to require enterprise users to switch to secure Dropbox alternatives? Expert Michael Cobb discusses. Answer
-
The other cloud atlas: Building a cloud service provider inventory
Struggling with rogue cloud usage? Ed Moyle explains how and why a cloud service provider inventory can help manage multiple cloud service providers. Tip
-
Cloud security panel discusses transparency, Notorious Nine at RSA
A panel of cloud security experts fielded questions on cloud provider transparency, the CSA's Notorious Nine report and more at RSA Conference 2013. News
-
Eric Chiu analyzes version 2 of the PCI DSS cloud computing guidelines
Video: Eric Chiu, president of HyTrust, examines v. 2 of the PCI DSS cloud computing guidelines and offers guidance on cloud customer responsibility. Video
-
CSA updates push toward cloud provider security assurance at 2013 CSA Summit
The Cloud Security Alliance expanded its cloud security training and cloud provider security assurance efforts Monday at its 2013 CSA Summit. News
- See more All on Evaluating Cloud Computing Providers
About Evaluating Cloud Computing Providers
Just like any vendor relationship, contracting with cloud service providers requires careful evaluation to make sure an organization's information security needs are met. Get tips, case studies and other resources for evaluating the cloud computing providers' security controls.