PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
September 2016, Vol. 18, No. 8

Cloud governance model still behind services

A lot of the cloud adoption in organizations has happened in an organic fashion with little to no IT involvement and even less policy oversight. In most cases, the security, policy and cloud governance model you implement will be somewhat retroactive in nature, says Chris Pogue, CISO at Nuix.

Among the challenges in these environments is a lack of standards for evaluating a vendor's risk management and cloud governance model. This month, Information Security magazine looks at steps to help security professionals gain more insight when employees are migrating critical applications and data to the cloud.

Evaluating the security postures of cloud providers, vendors and business partners is a constant dance with the details. Security professionals need specific information that they may not get. We look at enterprise security ratings services akin to what Equifax, Experian and TransUnion do in the financial sector to provide credit ratings for individual consumers. Although the security ratings services are just starting to emerge, these reporting tools may offer another view into the security postures of third parties, and in the board room.

Farsight Security CEO Paul Vixie joins us to discuss the latest research on threats to domain name systems. As talk of digital transformation continues, internet security and cloud governance models will remain top of mind for executives. "Now, IT is the big risk, and we are not looking at the old risks anymore now that the internet has connected everybody to everybody," Vixie says.

Features in this issue

Columns in this issue

More PRO+ Content

View All