Cloud Computing Security
Cloud Security Strategy and Architecture
We assist our clients in addressing enterprise security and privacy concerns in the cloud. We help by identifying risks and developing risk mitigation plans that include strategies for integrating security into the cloud environment (private, public or hybrid).
Cloud Security Assessments
We evaluate and assess security controls and architectures for planned or existing cloud services against industry best practices and standards and regulatory requirements (FISMA, HIPAA, SOX, PCI, FedRAMP, etc.), and we provide recommended steps to address deficiencies and improve the overall security of the cloud service (IaaS, PaaS, SaaS, or a combination thereof) and the protection of data within the supply chain.
Federal Risk and Authorization Management Program Readiness Assessments
We help our clients prepare for and meet compliance with the Federal Risk and Authorization Management Program, which provides a standard approach to Assessing and Authorizing (A&A) cloud computing services and products.
A&A and Continuous Monitoring Support Services
We help our clients by ensuring continued compliance with a multitude of federal-wide and agency-specific security requirements necessary for receiving an Authorization-To-Operate (ATO) through the A&A process and maintaining compliance as part of the CSP's ongoing Continuous Monitoring Program.
Federal Agency Cloud Migration
We assist our clients in understanding and assessing the risks associated with migrating to the cloud, while maintaining assurance in areas such as data security (integrity and confidentiality), business continuity and disaster recovery, privacy, and isolation within a multi-tenant environment, all of which are critical for securely adopting cloud solutions.
CSA STAR Preparation
We assist our clients in preparing a report for submission to the CSA STAR public registry. The compliance option includes either completing the Consensus Assessments Initiative Questionnaire (CAIQ) or documenting compliance with the Cloud Controls Matrix (CCM). For additional information, please refer to the Cloud Security Alliance.
CSA GRC Stack Integration Strategy
We assist our clients in establishing a strategy for integrating the CSA GRC Stack for self-assessment, audit preparation and automation, information security program alignment, existing product/service integration, and processes/procedures. The CSA GRC Stack includes the Consensus Assessments Initiative Questionnaire (CAIQ), Cloud Controls Matrix (CCM), CloudAudit API, and CloudTrust Protocol (CTP). For additional information, please refer to the Cloud Security Alliance.
