Publication Peer Review
Enterprise Authority To Operate (EATO) Auditing Guidelines
Open Until: 11/27/2024
- The CSA Enterprise Authority to Operate (EATO) Working Group has identified gaps in the understanding and implementation of information security and data protection controls by small to mid-sized cloud-based XaaS vendors, particularly when they process sensitive data of highly regulated industries. These gaps inhibit market adoption of such services.
- Corporate customers that have to abide by multiple, tight regulations cannot adopt such cloud-based XaaS "out of the box". Instead, the services have to be assessed individually (i.e. by each of the potential customers) using heavyweight Risk & Cloud Control Assessments.
- These assessments result in many findings regarding control deficiencies. The findings lead to complex remediation requirements for the vendor and its services.
- Overall, this results in significant and redundant cost, with multiple and potentially overlapping or even conflicting effort-intensive assessment and remediation processes, for both the vendor and its several potential corporate customers.