Cloud GRC: Maintaining security and compliance in the cloud

I was recently interviewed by Christine Parizo, SearchCompliance (a TechTarget publication), for an article on how to maintain security and compliance during public and private cloud deployment. The article covers cloud data monitoring strategies as well as cloud data regulatory management best practices. I found the questions Christine recommends asking cloud providers when evaluating their services to be right on target:

  • Does it have the ability to encrypt data at rest and in transit?
  • Does it have the ability to pull audit information via logs?
  • Does it include role-based access control?
  • Does it have the ability to map roles according to enterprise hierarchy, or a facsimile of the enterprise organizational structure?
  • Can it authenticate against a central system-of-record based on user roles and assignments?
  • Can it integrate with existing command-and-control systems?
  • Can it back up data off the cloud?
  • Does it have built-in disaster recovery capabilities?

If you are looking to move significant pieces of your operations into the cloud, I recommend that you check out Christine’s article.