"The email crash took us down a couple of days. Email is very important to the function of the bank, so we couldn't take that risk of a crash again," says Robert Porter, vice president and IT director at the bank, a $275 million-asset community bank based in Hazard, Ky. The bank moved its entire email system to a hosted Safe Systems solution called SafeSysMail. It's also using an email archiving and encryption service from Safe Systems. For a bank that only has two IT workers, the move to a hosted environment is expected to save about $80,000 over the next three years...
Compliance
Grazed from Compliance Week. Author: Bruce Carton. The SEC brings dozens of financial fraud cases each year. Usually the cases involve companies that, in an effort to make the numbers expected of them by investors, violate GAAP in order to recognize more revenue, hide expenses, inflate assets, etc. In most cases, of course, there is an underlying business at these companies that management is trying to make look better than it really is through financial shenanigans. But not always! Sometimes, as in the case the SEC filed last week against Subaye, Inc. and James T. Crane, the supposed business is simply non-existent. In a complaint filed May 8, 2013, the SEC alleges that although Subaye represented to investors, its auditors and the SEC that it was operating a cloud computing business with thousands of customers, over 1,400 sales and marketing employees and revenues of $39 million, an investigation found that this business was completely "imaginary."...
Grazed from TalkinCloud. Author: Chris Talbot.
Based on the QualysGuard Cloud Platform, the new cloud security services from the two companies will be an extension of an existing relationship. According to Qualys, this expanded partnership will give Verizon customers access to Qualys' platform to secure and protect their IT assets and web applications from cyberattacks. Another key element will be the automating of compliance with services, including vulnerability management, web-application scanning and PCI and policy compliance...
Grazed from TalkinCloud. Author: Chris Talbot.
ViaWest typically provides a variety of SSAE 16 (formerly SAS 70) reports to customers, and now it's expanding that portfolio to include dual-standard SSAE 16 and ISAE 3402 SOC 1 Type II, SOC 2 Type II, SOC 3, PCI reports on compliance for Sections 9 and 12, as well as HIPAA reports for physical controls...
Grazed from Information-Management. Author: Justin Kern. Enterprise cloud applications are scoring some anticipated victories with modernization and business value, but are frequently used in a compliance gray area, according to results of a new survey. The report, entitled “Drivers of Cloud Adoption,” surveyed 327 CIOs, IT professionals and business executives involved in cloud adoption at their companies. It was conducted by industry analyst firm Dimensional Research and sponsored by software and on-demand performance management vendor Host Analytics. When asked the driving factors for choosing a cloud application over an on-premise option, there was little surprise that 80 percent of business executives picked “value” as the top reason. CIOs, on the other hand, were split among a range of reasons: cloud better met compliance requirements (58 percent), perception of cloud holding competitive advantage (51 percent), turning to cloud applications as part of a wider cloud strategy (42 percent), along with, of course, value (53 percent)...
Grazed from Wired. Author: Edwin Schouten. Cloud computing is a trend towards the industrialization of IT, but this industrialization of IT services also has significant impact on the influence the consumer has on the services. Contracts are standard and cannot be tuned to meet consumers’ wishes; “what you see is what you get.” But IT still needs to govern regulatory compliance, so how does this work with cloud services?
Cloud in the Financial Sector
I will illustrate this using the regulatory organization from my home country, the Netherlands (aka Holland). Recently I was a panelist for a discussion on cloud computing in the financial sector at the national outsourcing congress where I represented the cloud providers. On the panel with me were a representative of consumers, a lawyer and a representative of DNB (De Nederlandsche Bank), a public limited company responsible for safeguarding financial stability...
Grazed from American Banker. Author: Editorial Staff. Federal agencies are starting to catch up to the risks posed by cloud computing. This is sure to stimulate compliance IT projects at financial institutions. A premium will be placed on data that's in flight, or traveling the vulnerable path between banks and third parties. CipherCloud, whose clients include two of the five largest U.S. banks, late this week debuted a new product called CipherCloud Connect AnyApp. The product is designed to encrypt data in transit, in use or at rest for public and private cloud applications — including infrastructure-as-a-service (IaaS), software-as-a-service (SaaS) and platform-as-a-service (PaaS). IaaS refers to the outsourcing of equipment used to support operations, such as storage and servers. PaaS refers to the leasing of operating systems, storage and network capacity over the internet. SaaS is a software distribution method in which hosted applications are delivered to firms over the web. Each of these methods involves some form of data transfer to a host, which places it under FFIEC's guidance...
Grazed from BankSecurityInfo. Author: Peter Spier. The fact of the matter is that when you and I say "cloud," we may be thinking of two very different things. Partly this stems from the adage "what's old is new again" (welcome back, centralized computing) and partly from a lack of common definition or standards to provide a ready frame of reference. Thankfully, the National Institute of Standards and Technology is on the case. With its release of Special Publication 800-146 [see NIST Issues Long-Awaited Cloud Guidance], the term "cloud" is defined as a service that maintains a pool of hardware resources to maximize service and minimize cost while providing a resource efficiency that permits hardware refresh without impact to its users...
Grazed from American Banker. Author: Editorial Staff.
Grazed from Wired. Author: Andrew Hay. Perhaps the largest point of confusion with regards to the Payment Card Industry Data Security Standard (PCI DSS) and cloud computing is the question of upon whose shoulders does compliance fall? In 2011, several cloud providers began asserting that their clouds were validated as PCI DSS compliant. That’s all well and good, but unfortunately this validation does not trickle down to the providers’ customers who deploy servers within the provider’s infrastructure. If your organization wants to migrate PCI DSS in-scope systems to public cloud, there are several things to consider. First and foremost, a cloud provider’s platform is just that – a platform. Physical servers are not certified PCI compliant by the hardware manufacturers; just as operating system vendors are not. The platform and software employed serves as a medium upon which businesses can operate. It should be noted, however, that PCI certification for a provider does not just cover material, but process as well...
Grazed from ComputerWorld. Author: Thomas J. Trappler.
When it comes to moving functions to the cloud, there's no such thing as being too thorough. Say you've got an application that's been running in-house but is now nearing end of life. You find a cloud service that can achieve the same result. You evaluate the vendor's infrastructure and security mechanisms, processes and procedures and determine that they're sufficient to meet your needs. You're looking forward to outsourcing this to the cloud and relieving yourself of all the associated responsibilities. It's all smooth sailing ahead, right? If you move a function to the cloud that's governed by legal or regulatory requirements and later your company falls out of compliance due to an error on the cloud vendor's part, the law won't go after the vendor - it will come after you. So you need to ensure that the cloud vendor can fully comply on your behalf...
