Keeping Your Feet on the Ground With Data in the Cloud

This post was originally published on business.com.

The “cloud” is a popular marketing buzzword in business today. Despite the fervor surrounding it, many are still uncertain about what this term actually means. With current reports indicating 88 percent of companies are using public cloud services—and 63 percent are using private cloud services—business leaders should understand how the cloud functions and also how their organizations’ sensitive information will be secured and managed.

Know the Risks

Source: Right Scale

A recent survey shows 93 percent of enterprise-level businesses are using CSPs (cloud service providers) in 2015, but 68 percent of those run less than a fifth of their application portfolios in the cloud. Big businesses are obviously interested in the cloud, so why are many of them keeping…

Plum Release Features: Import Improvements, Downloadable Reports, Configurable Displays and More!

ZenGRC was created with the vision of revolutionizing compliance management. At the core of this vision is the belief that when managed properly, compliance can be an incredibly exciting and valuable strategic asset. At Reciprocity, we are hard at work improving our product so that it is optimized for the needs of our customers. Our latest release of ZenGRC was driven by this optimization process and saw the introduction of several new features that will empower our users to better handle their compliance needs with ease. Below is a summary of these new features as well as explanations of their benefit to the user.

Import Revamp

Data entry is a tedious task and we know that you have better things to be…

Compliance as a Service: A Buzzword or a New Trend in Business?

This post was originally published on ITProPortal.  With nearly half of all businesses experiencing data breaches in 2014 alone, it’s almost like they’ve become a regular part of doing business. But when serious legal and reputation ramifications accompany a business’s failure to protect sensitive information, preventing them becomes a lot more important. Still, this doesn’t rectify the fact that companies continuously struggle to handle regulatory compliance in-house — nearly 80 per cent of businesses fail their interim Payment Card Industry compliance assessments. And when cloud service providers started to pick up on this need, a new trend was born: “compliance as a service.” But it’s important to remember that when you hand over information and processing to another company, you’re outsourcing…

Top 3 Challenges When Updating Your Compliance Framework

Well, it’s happened again. The framework you worked so hard to implement across your company needs updating. This typically occurs every 4-6 years to provide organizations with enough time to prepare. For example, Sarbanes-Oxley, GLBA/FFIC, FISMA, and HIPAA are frameworks associated with traditional computing. Traditional frameworks like these took a long time to update. Yet, in the last several years, frameworks covering new technology change every 2-3 years. Standards that cover cloud, mobile, encryption, and vendor management fit this new model.  Thus, you will need to prepare to update your framework on an annual basis to keep up with all the changes. Each change to your existing compliance framework will pose a challenge. First, you should understand the impact the…

September News Round-Up: China Hacks, the Carbanak Trojan, Bugzilla Breach and More

China Hack Updates

Although President Obama and Chinese President Xi Jinping were all smiles during their appearances in public this past week, behind closed doors, the mood was undoubtedly different. Tension between the two nations has been mounting in recent years, fueled in large part by cyber attacks. For several years, it has been widely known that China was responsible for large-scale hacks of American government agencies and corporations. Despite accusations by the Obama Administration, both countries have remained suspiciously quiet about the attacks and China has yet to answer for its actions. However, the magnitude and maliciousness of China’s actions are coming to light and it appears that retribution, particularly in the form of sanctions, is on the…

A Perfect Nightmare: Compliance and Record Keeping Disaster Waiting to Happen

Most organizations begin their path towards compliance using the tools at their disposal. Tools help organizations start their compliance journey, but they can cause some problems. You should take into account these compliance pitfalls so that you can have a smoother compliance journey.

Pitfall #1 – Ensure everyone is working off of the latest version

The first thing that a compliance team will do is identify the controls to test. To test a control you need to provide evidence. Evidence comes in many forms such as screenshots, archived emails, or system configuration. The list of controls that you compile for testing will evolve. For example, you may determine that some controls are “not applicable” and remove those. If you fail a…

August Standards Updates: FedRAMP Seeks Help, HIPAA Concerns, ISO “Landmark” and NIST Developments

FedRAMP Needs Feds to Help Refine High Impact Baseline

The standards set forth by the High Impact Baseline will allow commercial cloud service providers to host sensitive information in their systems. Considering the potential that this Baseline has to shape the FedRAMP program going forward, officials are working hard to ensure that they get the standard right. After receiving public comments on their draft of the High Impact Baseline, FedRAMP is looking for help from federal employees to revise the standards set forth. FedRAMP plans to create “The Tiger Team,” which will consist of federal IT managers who can facilitate and oversee the revision process and prepare a final draft of the Baseline, which is scheduled to be finished prior…

August News Round-Up: The Ashley Madison Breach, Car-Hacking and Industry Updates

Get Your Affairs In Order: The Ashley Madison Breach

Ashley Madison hackers made good on their initial threat from July this past week, releasing a downloadable database containing the following:

- 33 million accounts with user information, including names, street addresses and phone numbers
- 36 million email addresses
- 9.6 million documented transactions
- 10 GB of compressed data

Regardless of the morality of Ashley Madison’s services, this was an illegal hack of a website whose business depends on the security and confidentiality of user information. The Ashley Madison story is particularly terrifying because it offers a glimpse of how damaging security breaches can be now as more personal user information moves online. Sensitive information, when shared publicly, hits far closer to home…

Humans: Data Security Strategy’s Worst Enemy

This post was originally published on Small Business Computing.  Every organization requires some form of management; otherwise, it would be called a disorganization and business success would be elusive at best. It’s management’s job to establish roles and responsibilities for employees—especially when it comes to information security. Sixty percent of hackers can breach an organization’s system defenses within minutes. Risks and security incidents used to be managed on a case-by-case basis, but that’s no longer a viable option. The number of security incidents increased by 48 percent from 2013 to 2014, and notable companies including Adobe, eBay, Target, and The Home Depot were among the victims. But data breaches don’t affect only big-name brands; small businesses are also at risk. It’s time to wake…

Improve Security and Compliance with SAML

If your business operates with cloud-based applications, chances are you have heard of SAML. Despite being around since 2002, SAML is just now becoming a buzzword in the cloud security space. As businesses look to protect their data in the cloud, many are scrambling to understand what security benefits SAML has to offer them. What is SAML and why is it vital for your compliance objectives going forward? Hopefully over the next few paragraphs we can answer these questions for you.

What Is SAML?

SAML, or Security Assertion Markup Language, is a platform-neutral standard that allows for the secure transfer of information over the cloud through the integration of disparate security systems. One of the most important features offered by…
