Circle
Events
Blog

Download Publication

Streamlining Vendor IT Security and Risk Assessments
Streamlining Vendor IT Security and Risk Assessments

Streamlining Vendor IT Security and Risk Assessments

Release Date: 12/09/2018

Cloud computing has rapidly gained traction as a significant and even default IT system for many different organizations. In such a dynamic environment, cybersecurity is paramount—especially when third parties that provide cloud-based services to companies are involved. However, developing a comprehensive IT risk management program that involves third-party service providers often eludes many organizations, consuming a lot of time and cost while resulting in a limited understanding of a vendor’s risk profile.

In this paper, the Cloud Security Alliance (CSA) and the National Technology Security Coalition (NTSC) advocate for a new approach to how organizations manage risks, achieve assurance, and enable trust in the cloud. We encourage all stakeholders to increase their level of collaboration while utilizing existing standards and open tools. Through this document, we make it clear that the future of cybersecurity, the future of cloud security, and the resilience of our economy, is largely in the hands of the consumers of cloud services.

Key Takeaways:
  • How new technologies are significantly changing the cloud
  • The ways in which the cloud is shifting information security best practices
  • The state of IT regulatory environments related to cloud computing
  • The unique challenges that cloud computing poses to vendor management
  • The CSA resources you can use to create consistency, greater accountability, and security within the cloud ecosystem, such as the STAR Program, CCM, and CAIQCloud provider vetting best practices
  • Tips for rolling out cloud provider vetting programs and improving existing programs
  • Advanced program tools and insights that can help you get more out of your cloud provider vetting and assessments, such as our STAR cloud assurance certification
Who It’s For: CISOs, those looking for guidance on information technology regulation, and other parties interested in IT security assessment

Help CSA better understand how we can support the cloud community. Answer a couple of questions to download this resource.

In my current job I work in:

CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

You’ve made safer cloud computing possible.

Download
Provide feedback on this form

CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

Download
Provide feedback on this form
Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?