06-05-12 | Blog Post
While FedRAMP (Federal Risk and Authorization Management Program) is intended for government entities, defining their criteria and processes for assessing and monitoring cloud products and services, it's still a good security standard model that many organizations could follow to minimize security risks in the cloud.
The most applicable standards used for evaluating cloud hosting providers include:
Documenting security controls is the first step that any organization should require of their cloud provider – this includes:
In addition to documentation, this step includes performing security testing, which requires the cloud provider to contract with an accredited third-party auditor to test the security of the cloud provider's system and environment, produce a report of results, and document a plan of action to remediate or change their system to meet security requirements.
As a cloud provider that needs to balance both security and compliance for our clients, Online Tech has contracted a third-party auditor to test its controls on a continuous basis against a variety of compliance standards, including HIPAA compliance, PCI DSS compliance, SOX compliance and more. Read about what each standard means in our Data Center Standards Cheat Sheet.
This refers to the continuous monitoring of cloud providers to ensure their security controls remain effective over time.
Following a similar plan can help your organization avoid a data breach and stay safe in the cloud.
Recommended Reading:
Top 5 Tips for Cloud Computing Security
HIPAA Compliant Data Centers – Includes Security Recommendations for the Cloud