Managing security, privacy, and compliance in an era of IT transformation
Cloud computing and virtualization challenge the model of traditional security, privacy, and compliance risk management. These IT transformations remove and change barriers of separation, allow for on-the-fly configurability of physical and virtual resources, relinquish control to service providers and new platforms, centralize all-encompassing control to just a few users, and demand new concepts in security protection, rendering the traditional perimeter model either obsolete or in need of adaptation.
As experts in cloud and virtualization risk management, Cloud Approach provides you with the experience, innovation, and thought leadership necessary to gain the full return on investment of these technologies while managing risk and gaining buy-in from all stakeholders in your organization.
The Cloud Approach SONIC consulting services framework means you receive the overwhelming value associated with highly structured, prioritized, and actionable risk management recommendations and findings along with toolsets you can use to continuously manage your risk. SONIC provides recommendations that can be dynamically customized, using the SONIC XML and Office toolsets, to your changing budgetary, schedule, and implementation risk requirements, including relative weightings of risk management solutions based on CAPEX versus OPEX, recurring/non-recurring, and current-versus-future costs as a function of projected business, vendor, and technology changes. The SONIC risk management framework includes more than 250 dimensions of analysis and review, including:
- Management, administration, segregation of duties, and authentication
- Sensitive data management and encryption
- Trust-level association and separation; virtual and physical
- Security-in-motion and dynamic resource allocation
- Log management and visibility
- Globalization risk from data moving outside of the organization's country
- Virtualized security and networking appliances
- Configuration management of virtual and cloud resources
- Tamper and anomaly detection
Cloud computing and virtualization challenge compliance mandates by spreading responsibility, limiting visibility, and removing traditional physical barriers across a wide range of virtualized and outsourced components. Controlling the spread of information is a challenge as it propagates through virtual machine images, shared virtualized storage, and virtualized and service provider systems and networks. The Cloud Approach SONIC framework allows your organization to cross the chasm of cloud and virtualization risk management, adapting existing risk management approaches and putting new ones in place so your business can gain maximum benefit from the cloud and virtualization.
Cloud Approach SONIC Harmonized Compliance allows your organization to manage to a single risk framework and seamlessly map to the multitude of compliance mandates your organization is subject to, saving the organization significant time and resources in managing compliance. Very few organizations are subject to just a single compliance requirement. For example, an organization subject to PCI is also very likely, if operating within the United States, subject to Massachusetts law 201 CMR 17 and other compliance mandates including SOX, GLBA, and global privacy laws and regulations. Government agencies within the United States will be subject to FISMA and agency-specific regulations. By managing risk to a single framework instead of N times, once for each of N compliance frameworks, compliance overhead and duplication of effort are significantly reduced, resulting in cost savings and streamlined operations and enabling IT to respond to changing business needs faster.
The SONIC privacy framework enables your organization to manage privacy in this new era of cloud computing and sprawl of virtualized infrastructure. In today's globally connected world, the concept of privacy is no longer something that can be thought of in terms of simple compliance, fines, or public relations-related issues. In order to be competitive in an ever-changing and increasingly commoditized marketplace, companies are outsourcing and adopting technologies that have traditionally been purely internal endeavors. New and emerging technology is continually improving operational efficiency, ultimately contributing to increased profit margins. However, traditional processes, procedures, and controls have not evolved to match the privacy and confidentiality risks of these new technologies. Privacy has evolved from an isolated consumer perspective to include corporate assets ranging from intellectual property to business strategy to operational processes and procedures.
As more and more data is being pushed out to the cloud, companies need to look at their external and in-house service providers to ensure industry best practice and regulatory compliance issues are appropriately addressed. The complex and interconnected nature of these cloud services requires an analytics-driven and experienced view into them. Identifying and rating risk for what have traditionally been isolated islands of technology is essential in understanding, and ultimately mitigating, the overall risk factor to the enterprise. Rather than being reactive to corporate and consumer data/security breaches and regulatory compliance, organizations need to embed a modern and methodical approach to cloud-based security. No matter how familiar the landscape looks, the underlying rules have changed. In this changing landscape, Cloud Approach consultants and the SONIC framework provide your organization with overwhelming value, allowing your business to move quickly while optimally managing risk.