“It’s becoming an important differentiator for public cloud providers like us to show continuous compliance with respect to customer and supplier records,” said Gilles Samoun, chief executive officer at NTRglobal. “We are pleased with the Agiliance RiskVision implementation of the CSA GRC Stack and plan to use this new capability centrally in our risk and compliance framework for customers and regulatory bodies.”
Whether implementing private, public or hybrid clouds, the shift to compute-as-a-service presents new challenges across the spectrum of GRC requirements. The combined solution of RiskVision and CSA GRC Stack provides an assessment and risk management toolkit for enterprises, cloud providers, security solution providers and IT auditors. By implementing the CSA GRC Stack into RiskVision and making it the foundation for Agiliance’s recently launched Cloud Risk Management service, Agiliance is the first GRC vendor to bring this combined set of best practices to the GRC community. The Agiliance RiskVision platform is the only GRC platform that leverages the CSA GRC stack across all GRC and security functions, including Compliance Management, Vendor Risk Management, Threat and Vulnerability Management and overall Enterprise Risk Management. The new CSA-enabled RiskVision allows Agiliance customers to monitor compliance in the cloud against specific frameworks and regulations such as PCI and HIPAA.
“Cloud computing has created great interest as a means of revolutionizing enterprise IT, but concerns over data protection, privacy and security impede progress,” said John Katsaros, principal at Internet Research Group. “Products that adapt tools to cloud infrastructure and integrate industry best practices, such as the CSA GRC Stack, help organizations create an accountable implementation of enterprise policy and security assessments within the cloud.”
The Cloud Security Alliance GRC Stack is an integrated suite of three CSA initiatives: CloudAudit, Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire. Agiliance RiskVision now ships with the two components made ready for use by CSA:
Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry.
Consensus Assessments Initiative Questionnaire (CAIQ) performs research, creates tools and creates industry partnerships to enable cloud computing assessments. The CAIQ provides industry-accepted ways to document what security controls exist in IaaS, PaaS and SaaS offerings, providing security control transparency. The questionnaire (CAIQ) provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider.
“We are pleased that Agiliance has embraced our initiatives around Cloud Controls Matrix, and the Consensus Assessments Initiative Questionnaire,” said Jim Reavis, executive director of the Cloud Security Alliance. “Agiliance shows leadership by adopting our new industry recommendations so quickly and helps evangelize best practices for providing security assurance within cloud computing.”
Organizations seeking cloud risk management of virtualization initiatives can learn more about RiskVision with the integrated CSA GRC Stack at http://www.agiliance.com/services/cloud_managed_services.html
Agiliance is the leading independent provider of Governance, Risk and Compliance (GRC) solutions. Delivered on-demand or on-premise, Agiliance GRC technology minimizes manual auditing through scalable automation to enable closed loop risk management and continuous compliance. Agiliance customers use real-time risk analysis to optimize business performance and make better investment decisions. Unlike legacy offerings that can take nearly a year to deploy, Agiliance's Global 2000 and public sector customers deploying the Agiliance RiskVision™ platform achieve demonstrable value within 30 days on-demand, and within 90 days on-premise, made possible by Agiliance's extensive library of technology integrations and GRC content. Agiliance RiskVision scales with businesses, effectively managing data, assets, people and processes to achieve 100 percent risk and compliance coverage. For more information, please visit www.agiliance.com.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, please visit www.cloudsecurityalliance.org.