Sunday, 14 October 2012

Cloud Compliance: Part 2 - Top 10 Tips

My latest post Cloud Compliance: Part 2 - Top 10 Tips is out on Newvem. This time I got great support from Ron Peled (@Ron1Pel), Security Specialist at LivePerson, the team at LivePerson (@LivePerson) and Ofir Nachmani (@IAmOnDemand) at Newvem (@Newvem). I salute their support.

A short excerpt from the post:
Here are Ron’s top ten tips for CSPs, whether you’re already a cloud player or plan to become one: 
  1. SaaS = TRUST. If you can’t provide a trustworthy environment, don’t provide it at all.
  2. Invest in security and compliance. Don’t skimp—it is fundamental to your business and its future.
  3. Customers will always have concerns and ask questions. Be proactive: identify issues ahead of the curve and address them. In addition, assign a professional point person qualified to communicate with customers and address their concerns in detail.
  4. Marketing: explain why your security is good (and mean it: make sure you are able to back up your statements).
  5. Document your practices: make them accessible and comprehensible to customers.
  6. Listen to your customers' needs: what kind of compliance needs do they have and why? (What is applicable to your services?)
  7. Use independent security & privacy seals, e.g. SSAE SOC-2, privacy seals, and known security brand scans.
  8. Connect and be active in leading industry organizations and follow their standards, like the Cloud Security Alliance. Research and learn the common compliance requirements, standards, etc.
  9. When possible, narrow the scope of sensitive data under management by using encryption, data masking, avoiding storage of sensitive data, etc.
  10. Embrace customer feedback and leverage the power of community to improve your security.
Does this make sense to you? It does to me. Tip no. 1 pretty much says it all.
