Today’s news closely follows the announcement of marked company growth and recognition in innovation for RiskVision 5.0, already available on-demand in the cloud, further simplifying deployment for customers who require minimal IT effort in running GRC systems.
Business factors make applications in the cloud attractive, yet organizations are unprepared to tackle compliance and security risks introduced in a cloud environment. As Global 2000 private and large public sector organizations face increasing compliance and security demands, they are virtualizing more of their IT operations through private and public cloud environments. These organizations must “gracefully lose control” without undermining GRC commitments. Solutions that address the stages of cloud adoption with an ultimate view toward “transparent compliance” are paramount.
Agiliance’s Cloud Risk Management offering mirrors cloud risk governance stages that experts anticipate will be adopted in the market:
* Cloud Risk Readiness. This assessment service is for private cloud project and operator risk assessments, and public cloud project and provider risk assessments, inclusive of third and fourth party providers. The service uses the RiskVision platform, compliance controls assessment frameworks and content from PCI DSS 2.0, FISMA 2010, SOX, NIST, ISO, CSA, SANS and BITS, threat controls content from CSA, and cloud risk dashboards and reports.
* Cloud Risk Operations. Using Agiliance RiskVision as the base platform, this monitoring service is for private cloud virtualization security policy compliance, cloud threats and vulnerabilities and offline image re-compliance. Public cloud uses include compliance, segregation and virtualization provisioning management. For continuous compliance, NIST SCAP protocols, CIS benchmarks and secure configuration management integrations with VMware vShield, McAfee ePO and netIQ SCM are automated. For threat management, zero-day feeds from Verisign and the National Vulnerability Database (NVD), and virtualized vulnerability integrations with eEye Retina and Tenable Nessus are automated.
* Cloud Risk Audit. This assurance service targets emerging CloudAudit and other guidelines for private cloud operators and public cloud providers to perform automated regulatory health checks and provide transparency in their infrastructure (IaaS), platform (PaaS) and software (SaaS) environments. Agiliance RiskVision is the base platform that will articulate multi-party data flows and asset locations with real-time risk analytics.
According to a report by Forrester Research, Inc., “To take full advantage of the power of cloud computing, end users need to attain assurance of the cloud’s treatment of security, privacy, and compliance issues.” Another report by Forrester Research, Inc. also states that, “Instead of waiting for the cloud industry to step up its support for regulatory compliance, security professionals should look beyond their providers for compensating controls to aid cloud sourcing.”
“What has been holding back the adoption of cloud computing in large organizations are consistent and standardized frameworks, open standards and interfaces that address security controls and easy to implement processes to provide assurances on levels of GRC and security in cloud environments,” said Jim Reavis, cofounder and executive director of the Cloud Security Alliance (CSA). “I am pleased to see a leading independent IT GRC provider like Agiliance join CSA and participate in the Controls Matrix and CloudAudit. Agiliance’s support of these key emerging practices and standards will enable their customers to maximize the insight they have into their compliance status and risk posture in the cloud according to the industry’s best available knowledge.”
Availability and Pricing
The Agiliance RiskVision platform and applications are available today on-demand in the cloud, starting at $37,500 per year. The Agiliance Cloud Risk Readiness Service and Cloud Risk Operations Service will be available December 2010. Actual fees depend on cloud operator and cloud provider scale. The Cloud Risk Audit Service will be available in 2011. For more information about Agiliance Cloud Risk Management, please visit http://www.agiliance.com/services/.
About Agiliance RiskVision Agiliance RiskVision is an integrated, purpose-built OpenGRC platform that offers an agile, modular approach to managing enterprise risk. RiskVision is comprised of six key OpenGRC applications including: Compliance Manager, Enterprise Risk Manager, Vendor Risk Manager, Policy Manager, Threat and Vulnerability Manager and Incident Manager. Organizations can start with a single application and configure or deploy additional applications as needed. By leveraging the power of RiskVision, organizations are quickly gaining value from Governance, Risk and Compliance efforts with effective investment decisions, visibility into current and future risk, fewer audit failures and improved use of resources. For more information, please visit http://www.agiliance.com/products/.
About Agiliance Agiliance is the leading independent provider of Governance, Risk and Compliance (GRC) solutions. Delivered on-demand or on-premise, Agiliance GRC technology minimizes manual auditing through scalable automation to enable closed loop risk management and continuous compliance. Agiliance customers use real-time risk analysis to optimize business performance and make better investment decisions. Unlike legacy offerings that can take nearly a year to deploy, Agiliance’s Global 2000 customers deploying the RiskVision™ platform in the cloud achieve demonstrable value with full automation within 10 days, made possible with Agiliance’s most extensive library of technical integrations and GRC content. RiskVision scales with your business to manage the massive amounts of data, assets, people and processes that are required to ensure 100 percent risk and compliance coverage. For more information, please visit http://www.agiliance.com.