Loading Events

« All Events

  • This event has passed.

Cloud: Risk and Compliance

March 21 @ 6:00 pm - 8:00 pm


March 21
6:00 pm - 8:00 pm


theClubhou.se @ Georgia Cyber Center
One 11th St. Suite 3700


Hack Augusta

Cloud Security from a CISOs Perspective is the topic in March at the Cloud Meetup.

The use of cloud-based services (across the IaaS, PaaS and SaaS spectrum) provide new challenges to CISOs as they work to secure the enterprise. A CISO must look at cloud-based services from two, sometimes competing, perspectives. One, is compliance with federal and state mandates as well as industry-base standards.These introduce requirements such as ensuring “least privileged” access and “separation of duties.” The very nature of cloud-based services can conflict with these goals, yet, simply “locking down” cloud-based services would defeat the value they bring to the business. A CISO must also look at cloud form a risk perspective and ensure the security controls applied are risk-commensurate. While the compliance perspective is typically approached as a checklist, the risk-based perspective cannot be. It is more nuanced and cannot rely on an external authority for justification. For this reason, many organizations are not a mature in this category leading to one of two errors: either over-controlling cloud-based services until they no longer provide high value, or under-controlling and placing sensitive data at risk. This discussion will look at this dynamic and provide recommendations for effectively determining and implementing cloud-based security controls.