Agiliance, Inc., a provider of Governance, Risk and Compliance (GRC) solutions, today announced its RiskVision Cloud Risk Management Services embed content and controls from the Cloud Security Alliance (CSA) GRC Stack, a suite of enabling tools for GRC in the cloud.
Whether implementing private, public or hybrid clouds, the shift to compute-as-a-service presents new challenges across the spectrum of GRC requirements. The Cloud Security Alliance GRC Stack, announced on November 17th, provides a toolkit for enterprises, cloud providers, security solution providers, IT auditors and other key stakeholders to instrument and assess both private and public clouds against industry established best practices, standards and critical compliance requirements.
By implementing the CSA GRC Stack into RiskVision and making it the foundation for Agiliance’s recently launched Cloud Risk Management service, Agiliance says it is the first GRC vendor to bring this combined set of best practices to the GRC community. The new CSA-enabled RiskVision allows Agiliance customers to monitor compliance in the cloud against specific frameworks and regulations such as PCI and HIPAA.
“Cloud computing has created great interest as a means of revolutionizing enterprise IT, but concerns over data protection, privacy and security impede progress,” said John Katsaros, principal at Internet Research Group. “Products that adapt tools to cloud infrastructure and integrate industry best practices, such as the CSA GRC Stack, help organizations create an accountable implementation of enterprise policy and security assessments within the cloud.”
The Cloud Security Alliance GRC Stack is an integrated suite of three CSA initiatives: CloudAudit, Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire. Agiliance RiskVision now ships with the two components made ready for use by CSA:
• Cloud Controls Matrix (CCM) provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. As a framework, the CSA CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to the cloud industry.
• Consensus Assessments Initiative Questionnaire (CAIQ) performs research, creates tools and creates industry partnerships to enable cloud computing assessments. The CAIQ provides industry-accepted ways to document what security controls exist in IaaS, PaaS and SaaS offerings, providing security control transparency. The questionnaire (CAIQ) provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider.
“We are pleased that Agiliance has embraced our initiatives around Cloud Controls Matrix, and the Consensus Assessments Initiative Questionnaire,” said Jim Reavis, executive director of the Cloud Security Alliance. “Agiliance shows leadership by adopting our new industry recommendations so quickly and helps evangelize best practices for providing security assurance within cloud computing.”
More information on RiskVision with the integrated CSA GRC Stack is available here.