Chris Ford on Compliance and Cloud Computing | Society of Corporate Compliance and Ethics (SCCE)

While organizations are increasingly embracing cloud computing as a solution to their data management and other needs, they are doing so in an environment of heightened risk. Attacks on cloud providers are on the rise, making it increasingly important to ensure that the rewards outweigh the risks, including from a compliance perspective.

Chris Ford, Vice President of Product, Threat Stack, advises organizations to look to cloud service providers that have taken the step to become certified to standards such as ISO 27001 or SOC 2. He also recommends not stopping there, and looking for certifications that cover specific risk areas such as HIPAA, AVG, CCPA or PCI.

However, that is not enough, he warns in this podcast. Meet the provider’s security team to discuss the organization’s practices and how it manages risk from its own third-party vendors. If their practices aren’t safe, or the team isn’t willing to meet with you, that should be a very big red flag. So is their approach to compliance: stay away from suppliers who take a check-the-box approach.

Other advice he gives:

* Ask if they scan code in the build pipeline

* Determine whether they perform runtime monitoring of the infrastructure

* Find out what tools they use to make sure your data is safe

* Make sure they are constantly scanning for vulnerabilities

Finally, security is a “team sport,” he notes. It is important to constantly maintain trust and to see this as a joint journey. Learn from the mistakes of others and, of course, make sure you are just as vigilant about your own internal IT security as you are about that of your supplier.