Company Announces New Solution for Cloud Risk Assessment, Monitoring and Assurance Target Compliance, Security and Threats in Private, Public and Hybrid Cloud Environments
As Global 2000 private and large public sector organizations face increasing compliance and security demands, they are virtualizing more of their IT operations through private and public cloud environments. In this transition, organizations still need to “gracefully lose control” without undermining governance, risk management and compliance requirements.
A newly announced Cloud Risk Management solution from San Jose, CA based Agiliance Inc., will provide compliance, security and threat risk transparency for these fast-evolving private, public and hybrid cloud virtualized environments.
Agiliance’s Cloud Risk Management offering mirrors cloud risk governance stages that experts anticipate will be adopted in the market:
• Cloud Risk Readiness – This assessment service is for private cloud project and operator risk assessments, and public cloud project and provider risk assessments, inclusive of third and fourth party providers. The service uses the RiskVision platform, compliance controls assessment frameworks and content from PCI DSS 2.0, FISMA 2010, SOX, NIST, ISO, CSA, SANS and BITS, threat controls content from CSA, and cloud risk dashboards and reports.
• Cloud Risk Operations – Using Agiliance RiskVision as the base platform, this monitoring service is for private cloud virtualization security policy compliance, cloud threats and vulnerabilities and offline image re-compliance. Public cloud uses include compliance, segregation and virtualization provisioning management. For continuous compliance, NIST SCAP protocols, CIS benchmarks and secure configuration management integrations with VMware vShield, McAfee ePO and netIQ SCM are automated. For threat management, zero-day feeds from Verisign and the National Vulnerability Database (NVD), and virtualized vulnerability integrations with eEye Retina and Tenable Nessus are automated.
• Cloud Risk Audit – This assurance service targets emerging CloudAudit and other guidelines for private cloud operators and public cloud providers to perform automated regulatory health checks and provide transparency in their infrastructure (IaaS), platform (PaaS) and software (SaaS) environments. Agiliance RiskVision is the base platform that will articulate multi-party data flows and asset locations with real-time risk analytics.
According to a report by Forrester Research, Inc., “To take full advantage of the power of cloud computing, end users need to attain assurance of the cloud’s treatment of security, privacy, and compliance issues.” Another report by Forrester Research, Inc. also states that, “Instead of waiting for the cloud industry to step up its support for regulatory compliance, security professionals should look beyond their providers for compensating controls to aid cloud sourcing.”
“What has been holding back the adoption of cloud computing in large organizations are consistent and standardized frameworks, open standards and interfaces that address security controls and easy to implement processes to provide assurances on levels of GRC and security in cloud environments,” said Jim Reavis, co-founder and executive director of the Cloud Security Alliance.
In a recent Novell sponsored survey of more than 200 IT professionals at large enterprises, 89 percent of respondents see private clouds as the next logical stop for organizations already using virtualization and 93 percent feel private cloud platforms should offer a management framework that can span a heterogeneous infrastructure. In addition, 91 percent of the survey respondents noted concern about the inherent security risks public clouds present.
Agiliance Cloud Risk Readiness Service and Cloud Risk Operations Service will be available December 2010. The Agiliance RiskVision platform and applications are available on-demand, starting at $37,500 per year. Agiliance also plans to release Cloud Risk Audit Service in 2011.
< Be Informed. Subscribe to the SecurityWeek Email Briefing Here >