Chapter 60. Cloud Security: A 5,000 Mile View from the Top

Michelle Taggart

Operational cloud technology and services provide tremendous benefits for various businesses, including risk transference. However, moving to a cloud infrastructure without visibility into the service provider’s security posture and program puts cloud customers in an unknown, vulnerable state.

Operational changes should be symbiotic with security changes. System changes should trigger a risk identification review, which in turn updates all subsequent processes that depend on the evaluation results. Because business information can present itself in different forms and locations, information management is crucial in enforcing adequate data security and control. Moreover, information may exist in an unstructured format, where the misconception that such data is not sensitive can cause it to be overlooked. Employing a data inventory service powered by AI can help identify information that would generally have been overlooked.

A legally binding cloud security agreement, or CSA, between the cloud customer and their cloud security provider, or CSP, provides assurance that a mutual understanding has been reached before doing business. Because CSP customers, in general, relinquish their control over the environment that the CSP manages, the CSA becomes their compensating control over the data that ...
