The risk associated with cloud computing are no different than those applicable to IT environment within organization. The difference may originate from cloud service model, technologies, operations model, and users; in short people, process, and technology used in cloud deployment decides the security requirements.
eInnosec with the help of approach developed by Cloud Security Alliance, NIST, ISO guidance, PCI, etc. have designed the cloud security controls implementation methodology that fit the organization needs and business objectives, and complies with laws and regulatory compliance requirements. The methodology is risk based and considers top risks to balance the cloud security costs vis-vis business goals.
- Cloud Strategy
- Cloud management ‐ SLA management, control over licensing, lower costs, enhance operational availability and optimization
- Cloud security architecture
- Cloud application security
- Implementing ISO 27001, CSA STAR Certification, NEN 7510, SOC1, SOC2, NIST, etc.
- Cloud compliance for sensitive data ‐ PCI DSS, SOX, GLBA, HIPAA, HITECH, EU Data Protection Directive, FERPA, etc.
- Data privacy and security by design Cloud audits, reviews, and assurance
- Compliance with cloud regulations ‐ APEC Privacy Framework, COPPA, Safe Harbor, Personal Data Protection Act (PDPA), etc.