The security controls which have been rigorously implemented inside a company’s enterprise must also be extended to the cloud. Understanding the security landscape is critical to your business. Putting those assets in the hands of a third-party provider warrants proper due diligence from management on down, as how you, the business, manage your deployment.
Understanding how your data flows through the environment, where it is stored, and how it is segmented is an important step to take before actually beginning to utilize cloud offerings. By clearly defining this, you can start to map out controls for protecting your data as well as detail which party is responsible for enforcing that control.
One way to determine the effectiveness of existing controls and what controls are missing is to perform an audit against either FedRAMP or the Cloud Security Alliance’s defined security controls matrix. The Federal Risk and Authorization Management Program (FedRAMP) was developed to provide a standardized approach to assess, authorize, and monitor cloud services and products. Similarly, the Cloud Security Alliance (CSA) has defined the Cloud Controls Matrix (CCM) which is designed to assist in assessing the overall risk of cloud services. This framework is built proven industry security standards such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP.
By aligning with these frameworks, ECI Networks works with organizations to determine and establish the right security controls. We understanding the technical infrastructure and we have the knowledge to assist in both the technical and administrative aspects of security controls and documentation requirements.Click here for reuse options!
Copyright 2014 ECI Networks