Cloud Security and Governance Considerations

Fri, 23 Mar 2012 19:39:14 +0000

Public cloud services have many benefits for organizations of all sizes. However, because cloud services are outside the direct control of an organization, there is a need to establish strong governance mechanisms. Dealing with cloud services requires careful attention to the roles and responsibilities between the organization and cloud provider.

There are important differences between cloud services and traditional outsourcing relationships. Unfortunately, most organizations do not understand the security and governance considerations for cloud services. Further, since cloud relationships are often initiated outside IT departments, IT managers have been slow to "get out in front" of the issue and build a corporate framework for evaluating and periodically reassessing cloud providers.

This presentation will enable decision makers to answer two primary questions:

• What are the steps for evaluating and selecting a cloud provider?
• How is the cloud provider relationship reviewed and periodically reassessed?

It will enable organizations to make informed, proactive decisions on cloud providers and better allow them to take full advantage of cloud services while minimizing the risks inherent in using these external services.

Keywords:

cloud security governance selection review

Speaker First Name:

Michael

Speaker Last Name:

Wojcik

Speaker Job Title:

Manager

Speaker's Company Name/Affiliation:

Ernst & Young

Speaker Bio:

Mike Wojcik is a Manager in Ernst & Young's Information Technology Risk Transformation Center of Excellence and is an established leader in cloud security and governance. He has performed cloud security assessments for organizations such as the US Homeland Security Department, US Commerce Department, and multiple private sector clients. He shepherded one of largest Software-as-a-Service (SaaS) platforms, Salesforce.com, through its first federal government security accreditation. He has presented extensively on cloud security and governance issues. Most notably, he spoke on a panel moderated by the current White House Cybersecurity Coordinator, Howard Schmidt, to advise the Secretary of Commerce and the Director of the Office of Management and Budget on cloud security and privacy issues. He has published general and cloud security articles in publications such as the National Law Review Online, Public CIO Magazine, and Risk Management Magazine. Mr. Wojcik has a BS degree in Electrical Engineering from George Washington University, and an MS and MBA from George Mason University. He also has a Certificate in International Political Economy, Technology, and Industry from Oxford University. He is a Certified Information Systems Security Professional (CISSP).

Speaker's Headshot Photo:

Speaker's Postal Address:

Ernst & Young LLP Westpark Corporate Center 8484 Westpark Dr. McLean, VA 22102

6th annual Cloud Slam 2014 Cloud Computing Conference, San Francisco CA, June 4, 2014. Cloud Computing Events 2014 - cloud security governance selection review

Cloud Security and Governance Considerations