Changing The Cloud Security Conversation

What are the pertinent questions banks should ask about security in the cloud?
November 08, 2013

Leveraging Economies of Scale


John Howie, COO Cloud Security Alliance

Cloud providers benefit from economies of scale and have more resources at their disposal to invest in security and privacy of customer data. Due to the diverse nature of their customer base, cloud providers invest heavily in obtaining a variety of certifications and attestations that they can rely on to prove their solutions can meet their customers' compliance obligations. Although cloud consumers cannot outsource accountability, they can negotiate responsibility with providers.

These certifications and attestations along with other transparency measures, such as publication in the Cloud Security Alliance's (CSA) Security, Trust and Assurance Registry (STAR), can provide a window into the size and scale of the investments in security and privacy made by the cloud providers. Questions that prospective consumers can ask cloud providers might include, "What certifications and attestations do you have?" The answer to this question, however, is not sufficient alone. Consumers also need to ask if certifications and attestations obtained cover the service that the consumer is interested in purchasing, and can satisfy themselves that they do by examining Statements of Applicability and the audit reports themselves. Consumers should also ask providers if they have a SOC 2 report that includes the CSA's own Cloud Controls Matrix (CCM), which is recommended by the American Institute of Certified Public Accountants (AICPA).

Bank Systems & Technology encourages readers to engage in spirited, healthy debate, including taking us to task. However, Bank Systems & Technology moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Bank Systems & Technology further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
< Previous1 2 3 4 5 6 Next > 

< Previous1 2 3 4 5 6 Next >