Assessments

Cloud Computing Security Assessment

Cloud computing can be fraught with security risks. It is critical that organizations get a security assessment from a neutral third party before committing to a cloud vendor. Cloud computing has unique attributes that require risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing.

 

Bayside Solutions can assist your organization in ascertaining the level of security of your cloud computing environment. We can also assist with the design and implementation of your cloud computing environment to ensure it meets the security requirements of your organization.

 

 

Organizations using cloud computing must consider:

  • Sensitive data - Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the controls used in-house.
  • Regulatory compliance - Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a cloud computing provider.
  • Data location - Do you have regulatory or contractual obligations to store data in specific jurisdictions? Can your data by stored outside the U.S., for example?
  • Data segregation - It is critical that your data is segregated from other customers.
  • Recovery - Cloud providers must have plans to restore your data and service in case of a disaster.
  • Investigative support - Investigating inappropriate or illegal activity may be impossible in cloud computing.
  • Long-term viability - What is the long term viability of your cloud computing vendor?

 

 

Key features/Services:

  • Legal Contract and SLA Review
  • Governance and Enterprise Risk Review
  • Compliance and Audit Review
  • Information Lifecycle Review
  • Data Center Operations Review
  • Incident Response Review
  • Application Security Review
  • Encryption and Key Management Review
  • Identity and Access Management Review
  • Storage Review
  • Virtualization Review
  • Disaster Recovery Review