Cloud adoption is an increasing trend considering cost
benefits and agility benefits it provides. Organizations need to deliver rapid
and innovative cloud-based solutions while maintaining existing governance best
practices with accurate risk assessment, and compliance management for enhancing
its security standards.
How do you best incorporate security, governance, and
regulatory considerations into your cloud environment, as well as how to categorize
and manage risk?
Cloud Security solution should provide Cloud Security Assessment
Engine for the analysis of existing security best practices followed by
organization. Security Governance, Risk Management and Compliance (Security) offering
should aims at providing the customer with a risk-based approach to cloud
related security concerns and diverse risks that they could face when their
information asset/data is placed on the cloud based on Governance and
Operations domains. Governance domain includes assessment of sub domains such
as Governance and Enterprise Risk Management, Legal, Compliance and Audit, Information
Management and Data Security, Portability and Interoperability. Operations
domain includes assessment of sub domains such as Application Security, Perimeter
Security, Identity and Access Management, Encryption and Key Management, Incident
Management, and Business Continuity and Disaster Recovery.
It should provide guidance on best practices for mapping of
controls from multiple regulatory compliance requirements aligned by Cloud
Security Alliance to design and implement secure cloud environment.
Labels: Cloud Computing