Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
CRM Press Releases
Is your endpoint data protected?
Average Rating:
Rate this article:  
Data Security and the Cloud: Get Up to Speed

Data Security and the Cloud: Get Up to Speed

News as reported by the company
Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Data Security and the Cloud: Get Up to Speed on Service Organization Control Reports
 

NEW YORK, March 26, 2012 -- Most people are wary of electrical devices that don't carry a seal of approval from Underwriters Laboratories, or a bank that isn't FDIC insured. Wouldn't it be great if there was something similar that businesses could rely on when choosing a cloud computing vendor?

With the marketplace still evolving, however, there isn't a single "thumbs up, thumbs down" standard for cloud security. Yet business technology leaders still have to make the right call on outsourced IT vendors and the integrity of data centers they use to deliver information to the cloud. The dilemma: many decision-makers are unfamiliar with or lack confidence in choosing the best services to make those assessments.

To address this need, the American Institute of CPAs has developed a series of services for data centers that, once completed, lead to documents called Service Organization Control (SOC) ReportsSM. SOC 1SM reports refer to controls of centers that impact customers' internal controls over financial reporting, while SOC 2 SM reports cover system reliability criteria, including data security, privacy, confidentiality, system availability and operating integrity. A SOC 3 SM report, meanwhile, is a short-form version of the SOC 2 report and the only one of the three that's designed for public consumption.

Making sure a vendor uses data centers that have gone through the proper audit engagements is critical for businesspeople who plan to use cloud-based services. Information security is the leading IT concern for small firms and large companies alike, according to the recent 2012 Top Technology Initiatives Survey by the American Institute of CPAs. Yet survey takers, speaking on behalf of their firms and clients, said they felt less confident about correctly using SOC reports than they did almost any other technology priority.

What should decision-makers do to make the right choices? Here are some tips:

  • Don't assume all cloud vendors are created equal. Security precautions can vary widely.
  • Question the credibility of firms that use inaccurate terms. Many vendors tout their data centers as "SAS 70 certified." But SAS 70 is an AICPA audit standard that has been superseded by SSAE 16 (which is covered by a SOC 1 report), and there is no such thing as a uniform certification process in this area.
  • Ask for SOC 3 reports, where available, and whether a SOC 2 engagement has been performed. If a vendor doesn't have one, make sure you understand the degree to which the firm uses encryption, storage redundancy, password rotations and robust physical security so you can gauge how well your data will be protected.
  • Make sure you have clear remedies spelled out if you suffer outages, data breaches or other issues regarding your critical business information.
  • Learn more about SOC reports and other security standards. For CPAs and other financial professionals, the AICPA has an array of publications, webcasts and study courses available on the topic.
(continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:

Scott:

Posted: 2012-03-28 @ 10:56am PT
Something else that should be considered is ISO 27001 or FedRamp for Cloud Security. You can read about both on our website. http://www.pivotpointsecurity.com/risky-business/egovernment-cloud-security-fedramp



Protect 100% of your Data The prevalence of laptops and mobile devices in the enterprise makes corporate data increasingly vulnerable to loss and breach. And yet, workforce productivity is now inextricably linked to mobility. Click here to access the white paper "Top 10 Endpoint Backup Mistakes" to learn more about how to confidently protect data across platforms and devices while also providing features designed to enhance the end user experience.


 CRM Press Releases
1.   Confirmation.com Popular with Banks
2.   Wells Fargo Eyes Zumigo for Security
3.   Pipeliner CRM Appoints New COO
4.   Porticor Boosts MS SQL Encryption
5.   Vectra Networks Gets Funding Boost
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Find Malicious Android Apps Can Hack Gmail
A new study shows that a weakness in the Android mobile operating system can be used to steal sensitive, personal info from unwitting users. Gmail proved to be the easiest app to attack; Amazon, the hardest.
 
UPS Stores in 24 States Hit by Data Breach
Big Brown has been breached. UPS said that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.
 
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 

Enterprise Hardware Spotlight
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Feds OK $2.3 Billion IBM-Lenovo x86 Server Deal
IBM and Lenovo are celebrating U.S. approval of their x86-based server deal, having cleared some major security hurdles. The deal makes Lenovo a major player for enterprise data centers.
 
Three New Lenovo PCs Aimed at Business Users
With businesses wanting computing solutions that do more for less money, Lenovo has unveiled three new desktop PCs that it says offer solid computing at a budget-minded price.
 

Mobile Technology Spotlight
Screen Shortage Briefly Puts Brakes on iPhone 6
RAM? Check. Antenna switch? Check. Screen? Oops. Parts suppliers for Apple have found themselves facing a shortage of screens for the new iPhone 6 as next month's release date for the new smartphone looms.
 
Bounty Offered to Coders for Oculus Rift Bugs
Coders who find bugs in software for the Oculus Rift VR immersive headset could receive a reward of at least $500 under Facebook's White Hat bounty program. Facebook acquired Oculus in March.
 
Google Glass Adds Voice Access to Phone Contacts
The latest update to Google Glass will let users access their top 20 phone contacts with voice commands alone. A user can then choose a phone call, Google hangouts, e-mail or text messaging.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.