Search

Brian Pennington

A blog about Cyber Security & Compliance

Tag

TaaS

Cloud maturity study reveals the top 10 issues eroding cloud confidence

Website: www.isaca.orgThe Cloud Security Alliance (CSA) and ISACA have issued the results of their survey of how organisations feel about the “cloud”.

The report provides detailed insight on the adoption of cloud services among all levels within today’s global enterprises and businesses. I have summarised the report below.

The study reveals that cloud users in 50 countries were least confident about the following issues (ranked from least confident to most confident):

  1. Government regulations keeping pace with the market (1.80)
  2. Exit strategies (1.88)
  3. International data privacy (1.90)
  4. Legal issues (2.15)
  5. Contract lock in (2.18)
  6. Data ownership and custodian responsibilities (2.18)
  7. Longevity of suppliers (2.20)
  8. Integration of cloud with internal systems (2.23)
  9. Credibility of suppliers (2.30)
  10. Testing and assurance (2.30)

While there are many positive indicators that support the planned adoption and perceived use and value of cloud services in the years ahead, there remains much progress to be made to engage and gain the buy-in among business leaders.

“As a first step, we as an industry must still work to provide a clearer definition of what cloud is and how the many innovative and secure services can help positively impact today’s businesses,” said J.R. Santos, global research director at CSA. “But, we need to start at the top and engage senior management. Cloud needs can no longer be thought of as a technical issue to address, but rather a business asset to embrace.”

“One of the most interesting findings is that governance issues recur repeatedly on the list of the top 10 concerns. Cloud users recognize the value of this model, but are wrestling with such questions as data ownership, legal issues, contract lock-in, international data privacy and government regulations,” said Greg Grocholski, CISA, international president of ISACA. “As cloud services continue to evolve, it is critical that we work together as an industry to provide insights and recommendations on these issues so that service and solution providers can look to innovate and deliver what the cloud services market needs to advance and what enterprises need to succeed.”

Survey Overview

Results of the study provide much insight on the progression of cloud adoption. For example,

  • Business enablers (score 4.08) rather than financial considerations (score 3.5) are the primary factors in making cloud decisions, with the least important factor being the ability to reduce the environmental footprint of the organization (score 2.67)
  • The business enablement factors that most influence cloud computing decision making are related to the reliability and availability of services (mean score 4.59) and quality of service (score 4.29)

Respondents feel there is room for improvement when it comes to innovation in the cloud.

  • 24% survey takers indicate that there is no or limited levels of innovation in the market
  • 43% of respondents believe there is a moderate level of innovation
  • 33% report that the level of innovation in terms of products, services and business use is significant

“Survey results show that CIOs and IT management understand cloud best and are most involved in driving cloud innovation in their organizations. This limits cloud maturity and innovation since cloud continues to be viewed as a technical solution and not as a business enabler,” said Yves Le Roux, a member of CSA and the ISACA Guidance and Practices Committee. “Cloud can provide business-building innovation, but to get to that point, there needs to be more buy-in and a better understanding among business leaders and C-level executives of the cloud’s value and risk.”

Nearly all respondents feel that cloud computing is far from reaching maturity, with only software as a service (SaaS) cautiously placed at the earliest state of growth level, with infrastructure and platform services still considered in the infancy stages.

Respondents remain moderately confident that cloud services are meeting service and strategy expectations and that problems are being addressed. Many rated cloud services as providing confidence in strategy and problem resolution (means score 3.47), indicating cautious optimism that cloud will advance in maturity and problems limiting its adoption will be addressed.

 

Advertisements

Eight Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data

Credit card
Image via Wikipedia

Eight Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data

Merchants are constantly seeking ways to simplify and reduce the scope of the Payment Card Industry’s Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organization.

By reducing the scope, these Merchants can dramatically lower the cost and anxiety of PCI DSS compliance and significantly increase the chance of compliance be that an audit or a Self Assessment Questionnaire (SAQ).

The White Paper “Eight Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data” explores the use of tokenization as a best practice in improving the security of credit card transactions, while at the same time minimising the cost and complexity of PCI DSS compliance by reducing audit scope.

The 8 Ways are

  1. Centralized data vault
  2. Tokens as data surrogates
  3. Tokens as surrogates for masked data
  4. No mathematical relationship between tokens and data values
  5. One-to-one or one-to-many token/data relationships
  6. Format Preserving Tokenization™
  7. Centralized key management
  8. Tokenization as a Service™ (TaaS)

For the full description of the 8 methods simply download the white paper here

Registration is required, some personal email accounts do not work e.g. Hotmail and Gmail. If you are having a problem please leave a comment and I will try to email the paper directly to you.

Also see a Free eBook  “Tokenization for Dummies” here.

.

Blog at WordPress.com.

Up ↑

%d bloggers like this: