Chris Ford on Compliance and Cloud Computing

Society of Corporate Compliance and Ethics (SCCE)
Contact
While organizations have increasingly embraced cloud computing as a solution to their data management and other needs, they do so in an environment of heightened risks. Attacks on cloud providers are increasing, which makes it ever more important to ensure that the rewards outweigh the risks, including from a compliance perspective.

Chris Ford, Vice President Product, Threat Stack, advises organizations look to cloud service providers that have taken the step of becoming certified against standards such See more +

While organizations have increasingly embraced cloud computing as a solution to their data management and other needs, they do so in an environment of heightened risks. Attacks on cloud providers are increasing, which makes it ever more important to ensure that the rewards outweigh the risks, including from a compliance perspective.

Chris Ford, Vice President Product, Threat Stack, advises organizations look to cloud service providers that have taken the step of becoming certified against standards such as ISO 27001 or SOC 2. He also recommends not stopping there and looking to certifications that align with specific risk areas such as IPAA, GDPR, CCPA or PCI.

That’s still not enough, though, he cautions in this podcast. Meet with the security team to discuss the organization’s practices and how it manages third party vendor risk. If their practices aren’t secure or the team is unwilling to meet with you that should be a very large red flag. So, too, is the approach to compliance: stay away from vendors who take a check-the-box approach.

Other pieces of advice he offers:

* Ask if they scan code in the build pipeline

* Determine if they do runtime monitoring of the infrastructure

* Find out what tools they use to ensure your date is secure

* Make sure they are constantly scanning for vulnerabilities

Finally, security is a “team sport” he notes. It’s important to maintain trust on an ongoing basis and look at this as a journey together. Be sure to learn from the failures of others, and, of course, make sure that you are just as vigilant of your internal IT security as you are of your vendor’s. See less -

Embed
Copy

Written by:

Society of Corporate Compliance and Ethics (SCCE)
Contact
more
less

Society of Corporate Compliance and Ethics (SCCE) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.