|
A Proven Methodology for Tackling Cloud Computing Security Challenges (January 2012) |
|
|
Securing your data is a key component and strong enabler in making a successful transition to the cloud. Your data in the cloud can come with significant risks that require a well thought-out strategy that will reduce the risk of a data breach.
Organizations thinking about migrating part of their operation to the cloud should develop a risk-based strategy to secure their data based on both leading security practices and regulatory requirements. If you are subject to regulatory compliance such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI/DSS) and state data privacy laws to protect various types of information, you are responsible for meeting that regulatory requirement if it resides in the Cloud. The HITECH Act for HIPAA has specifically included the role the service provider with a responsibility to secure Protected Health Information (PHI). Trusted boundaries have moved, and customers are unsure where the boundary exists. Organizations should assess legal, organizational, operational, technical and security risks prior to placing information into the cloud. Knowing the geographic location of your provider’s servers and your data is critical to meeting your regulatory compliance requirements.
|
Contact Sirius for more information about our cloud computing solutions
|
Sirius uses a proven methodology based on our extensive knowledge of NIST, COBIT, Cloud Security Alliance (CSA) focus areas, and International Standards such as ISO 27001/27002, ISO 20000 and British Standard 25999. This comprehensive approach assesses governance, data classification and protection measures, risks, threats, controls, and regulatory compliance requirements (PCI DSS, HIPAA/HITECH), and Data Privacy Laws among others.
Sirius’ security architects will evaluate your environment and determine requirements for applicable data protection and governance models. Scalable to your specific requirements and budget, Sirius Cloud Security offerings will provide you with the information you need to reduce the risk for your business whether utilizing a public or private cloud from potential providers or your own internal private cloud environments providing the assurance and protection that your business demands.
Sirius can tailor an assessment to your specific needs utilizing our Security Architects, IT Consultants and Infrastructure Engineers. Typical assessments are:
• Cloud Risk Assessment
• Compliance (HIPAA/HITECH, PCI DSS, Data Privacy) Gap and Readiness Assessments
• Cloud Security Architecture and Design
• Virtualization Security Assessment
• Business Continuity and Disaster Recovery planning and solutions |
 |
To learn more about Security and Compliance Solutions from Sirius, contact your Sirius client executive, or visit the Sirius Security and Compliance Solutions page at siriuscom.com.
[Ed. Note: Sirius has just published the January, 2012 update of the Sirius Services Catalog, a comprehensive listing of services offered by Sirius consultants. This offering is a new addition to the Unified Communications and Collaboration chapter. You can download the Unified Communications and Collaboration chapter or download the entire Services Catalog at siriuscom.com.] |
|
