Data Storage Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
News & Information for Data Storage Professionals
Vblock™ Systems:
Advanced converged infrastructure
increases productivity & lowers costs.

www.vce.com
Thursday, April 24th 
24/7/365 Network Uptime!
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Data Centers
Storage Solutions
Storage Networks
Data Storage Issues
Data Security
DST Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

DST Press Releases

Data Security and the Cloud: Get Up to Speed

Data Security and the Cloud: Get Up to Speed
March 26, 2012 1:15PM


Data Security and the Cloud: Get Up to Speed on Service Organization Control Reports

Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.

NEW YORK, March 26, 2012 -- Most people are wary of electrical devices that don't carry a seal of approval from Underwriters Laboratories, or a bank that isn't FDIC insured. Wouldn't it be great if there was something similar that businesses could rely on when choosing a cloud computing vendor?

With the marketplace still evolving, however, there isn't a single "thumbs up, thumbs down" standard for cloud security. Yet business technology leaders still have to make the right call on outsourced IT vendors and the integrity of data centers they use to deliver information to the cloud. The dilemma: many decision-makers are unfamiliar with or lack confidence in choosing the best services to make those assessments.

To address this need, the American Institute of CPAs has developed a series of services for data centers that, once completed, lead to documents called Service Organization Control (SOC) ReportsSM. SOC 1SM reports refer to controls of centers that impact customers' internal controls over financial reporting, while SOC 2 SM reports cover system reliability criteria, including data security, privacy, confidentiality, system availability and operating integrity. A SOC 3 SM report, meanwhile, is a short-form version of the SOC 2 report and the only one of the three that's designed for public consumption.

Making sure a vendor uses data centers that have gone through the proper audit engagements is critical for businesspeople who plan to use cloud-based services. Information security is the leading IT concern for small firms and large companies alike, according to the recent 2012 Top Technology Initiatives Survey by the American Institute of CPAs. Yet survey takers, speaking on behalf of their firms and clients, said they felt less confident about correctly using SOC reports than they did almost any other technology priority.

What should decision-makers do to make the right choices? Here are some tips:

  • Don't assume all cloud vendors are created equal. Security precautions can vary widely.
  • Question the credibility of firms that use inaccurate terms. Many vendors tout their data centers as "SAS 70 certified." But SAS 70 is an AICPA audit standard that has been superseded by SSAE 16 (which is covered by a SOC 1 report), and there is no such thing as a uniform certification process in this area.
  • Ask for SOC 3 reports, where available, and whether a SOC 2 engagement has been performed. If a vendor doesn't have one, make sure you understand the degree to which the firm uses encryption, storage redundancy, password rotations and robust physical security so you can gauge how well your data will be protected.
  • Make sure you have clear remedies spelled out if you suffer outages, data breaches or other issues regarding your critical business information.
  • Learn more about SOC reports and other security standards. For CPAs and other financial professionals, the AICPA has an array of publications, webcasts and study courses available on the topic.
(continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:

Scott:

Posted: 2012-03-28 @ 10:56am PT
Something else that should be considered is ISO 27001 or FedRamp for Cloud Security. You can read about both on our website. http://www.pivotpointsecurity.com/risky-business/egovernment-cloud-security-fedramp



 DST Press Releases
1. Internet of Things Webinar Launches
2. Ponemon: Organizations Under Siege
3. CorvisaCloud Unveils SMS Platform
4. DB Networks Named 'Hot Company'
5. DB Networks Board Welcomes Link

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  Lessons from Verizon's Threat Report
  Officials Reveal Microsoft Data Center
  Verizon Report Exposes Cyberthreats
  Samsung Data Center Catches Fire
  Heartbleed Exploit Could Cost Millions

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Where Do Web Sites Stand, Post-Heartbleed?
A security firm says the vast majority of Web sites have patched themselves to protect against the Heartbleed bug, but now there are questions raised on the reliability of open-source programs.
 
Navigation
Data Storage Today
Home/Top News | Data Centers | Storage Solutions | Storage Networks | Data Storage Issues | Data Security | DST Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 Data Storage Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.