Friday, July 27, 2018

Cloud vendor evaluation - The certifications you are looking for are the ones your vendor achieved, not the ones their vendor (for example, their hosting provider) achieved. If the vendor states they have a certification and then sends you AWS' certification, that is a BIG RED FLAG. In fact, run!



Free copy of the "Vendor Security Assessment" questionnaire here:
https://www.vendorsecurityalliance.org/questionnaire2018.html


Here is a little trick I use when trying to verify the trustworthiness of a vendor that has no certifications. I first ask what security/compliance framework they follow. Let's say they answer PCI; I then go down to the question where I asked them how often they scan for vulnerabilities. If they state annually, then they are obviously not following the PCI framework.

Remember, your job is to assess the risk and relay it back to the business. If the business still wants to move forward with a high-risk vendor, then the business owner did not understand the risk, and you should move the discussion to compensating controls. Once you start down that path, the business owner usually instructs their team to look for other cloud vendors.

https://www.alienvault.com/blogs/security-essentials/you-are-doing-cloud-vendor-assessments-wrong
