CLOUDTWEAKS DEMAND GENERATION

Each year we provide a few highly customized demand generation opportunities to partners and going into our 10th year at CloudTweaks is certainly no different. We are on the lookout for technology vendors to collaborate with on a number of initiatives in 2019. 

Sponsorship opportunities will be available for all budgets and sizes including the (premium) thought leadership exposure program or the webinar, podcast, white paper or explainer video lead generation program. 

cloud-data

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance 

Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into the hands of the service provider. Additionally, the lines of responsibility between the service provider and the consumer remain blurred in most regulations, standards and frameworks though cloud has gone mainstream for even regulated workloads. However, in this era of business agility out we not to focus more on ways to relieve cloud audit burden?

It’s all About the Data

With end user digital empowerment and increased business agility it’s only to be expected that more rogue cloud services will abound. That’s where a more data-centric approach can reduce the risk of compliance violations of data being transacted or residing in rogue cloud services. In this data-centric approach users need to be:

1. Proactively educated about the value of data. Many when they provision rogue cloud services are often not aware of the value of the company data that they are farming out to public cloud models

2. Able to leverage an intuitive data classification scheme and easily digitally tag or watermark data accordingly

Organizations can also leverage one of the many cloud security brokers for the discovery, analysis and many of the policy enforcement aspects of their data across public Software as a Service cloud models.

Standards Evolution

Standards issuers have begun providing more concrete guidance and standards for cloud service providers and consuming organizations alike The International Organization for Standardization ISO/IEC 27018:2014 establishes controls and guidelines in for protecting Personally Identifiable Information (PII) in public clouds. The Payment Industry Data Security Standard (PCI DSS) Council has also issued guidance and so has the National Institute of Technology and Standards (NIST), with its Federal Risk and Authorization Management Program (FedRAMP). FedRAMP goes one step further in requiring service providers to obtain authorization in order to meet federal cybersecurity requirements for cloud services.

Harmonizing Compliance Efforts

shutterstock_186238016

Harmonizing regulations and standards to a common security framework can greatly benefit both cloud providers and consuming organizations. Cloud users no longer need to think of standards in a “one off” manner, but instead utilize a framework to essentially “audit once, report many times” given the great overlap between many of the standards, frameworks and regulations today.

The Cloud Security Alliance Cloud Controls Matrix cross maps several internationally recognized industry and regulatory standards against 16 domains based on critical areas of focus for cloud computing and while not intended to be a prescriptive framework, it has emerged as concrete guidance for all parties. The Cloud Controls Matrix also recognizes that controls apply differently across different environments and delineates controls not only by cloud model type (SaaS, PaaS, IaaS), but also recommends which fall under the service provider’s realm of responsibility versus the consuming organizations’.

As cloud audit processes mature, there is an opportunity to further streamline compliance and decrease complexity. A digitized cross mapping tool would be the next evolution and a great asset to both cloud providers and consuming organizations alike.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

RESOURCES

Top 50 Cloud Hosting Services

Top 50 Cloud Hosting Services

The methodology behind our top 50 cloud list is based on several years of experience understanding and following who the key players are in the industry. Click to review the current top 50 and stay tuned for future discussion ...
Glassdoor’s 10 Highest Paying Tech Jobs Of 2018

Glassdoor’s 10 Highest Paying Tech Jobs Of 2018

Glassdoor is best known for its candid, honest reviews of employers written anonymously by employees. It is now common practice and a good idea for anyone considering a position with a new employer to check them out on Glassdoor first. With ...
Load Testing Tools

Load Testing Tools

Provided is a short list of load testing tools which will test server and application resistance and certainly valuable in order to help test and tweak your company's infrastructure ...
12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help ...

CONTRIBUTORS

ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

Designing Enterprise Software around People Looking back, business owners talked to their customers and employees in person or by phone ...
Winning the data intelligence game

Winning the data intelligence game

Data intelligence A case can be made that every company is now a data company. But, it is the effective ...
The UK Tech Sector: The Gender Gap

The UK Tech Sector: The Gender Gap

The Tech Sector Gender Gap In conversation with Co-Founder and Creative Director of North West Web Design Studio, MadeByShape Andy ...
GDPR Compliance

A Quick and Dirty Guide to GDPR Compliance

GDPR Compliance Set a reminder: On May 25, 2018, the new General Data Protection Regulation directive from the European Union ...
Mitigating the Downtime Risks of Virtualization

Mitigating the Downtime Risks of Virtualization

Mitigating the Downtime Risks Nearly every IT professional dreads unplanned downtime. Depending on which systems are hit, it can mean ...
The Digital Economy: Embracing The Latest Technological Advancements

The Digital Economy: Embracing The Latest Technological Advancements

The Digital Economy As you would expect, for any business to achieve successful growth and meet its objectives, it must ...
Why ‘Data Hoarding’ Increases Cybersecurity Risk

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated ...