While FedRAMP (Federal Risk and Authorization Management Program) is intended for government entities, with its own criteria and processes for assessing and monitoring cloud products and services, it’s still a good security standard model that many organizations could follow to minimize security risks in the cloud.
The most applicable standards used for evaluating cloud hosting providers include:
Documenting security controls is the first step that any organization should require of its cloud provider – this includes:
In addition to documentation, this step includes performing security testing, which requires the cloud provider to contract with an accredited third-party auditor to test the security of the cloud provider’s system and environment, produce a report of results, and document a plan of action to remediate or change their system to meet security requirements.
As a cloud provider that needs to balance both security and compliance for our clients, Online Tech has contracted a third-party auditor to test its controls on a continuous basis against a variety of compliance standards, including HIPAA compliance, PCI DSS compliance, SOX compliance and more. Read about what each standard means in our Data Center Standards Cheat Sheet.
This refers to the continuous monitoring of cloud providers to ensure their security controls remain effective over time.
Following a similar plan can help your organization avoid a data breach and stay safe in the cloud.