CISO Series Newsletter
Posts
03-12-20 - Your Cloud Provider Broke an SLA. Now What?

03-12-20 - Your Cloud Provider Broke an SLA. Now What?

Your Cloud Provider Broke an SLA. Now What?

March 12, 2020

View this email in your browser

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Hybrid Cloud

On this episode of Defense in Depth:

Special guest co-host Taylor Lehmann, vp, CISO, athenahealth, and our sponsored guest, Chris Meenan, director, offering management and strategy, IBM Security, discussed:

Moving to the cloud, like any other technology initiative, is a business decision.
What controls are you ceding over to the cloud provider? What service level agreements (SLAs) and performance measurements do you have for the provider?
Be realistic about what’s going to be done if a service provider violates the SLA. You’re not going to all of a sudden dump the provider. You’re going to put some types of corrections in place. Make sure you know what those are and how that can be handled, realistically.
Understand your shared responsibility in the cloud. According to a report by FireMon on hybrid cloud use and adoption, about one-third do not fully understand the shared responsibility model of the cloud.
Start slow. While you may need to go with multiple cloud providers to fill distribution and requirements, begin with one and learn from that experience.
Use cloud adoption as an excuse to join forces with your privacy team to understand where data is being placed and what control you have over it.
Cloud providers are not interchangeable like a utility. Cloud providers are chosen based on the services they offer.

Thanks to this week's sponsor of Defense in Depth, IBM Security.

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.

Jinan Budge, Forrester on toxic security teams

Tomorrow! Friday 3/13/20, 10 AM Pacific - Video Chat: Coping with the New Reality of Work

Database of Israeli Cyber Startups, Just for CISOs

At Cybertech 2020, I spoke with Dorin Baniel, and Nofar Amikam of Glilot Capital Partners about a database they’ve made available to CISOs eager to learn more about the Israeli cyber community.

Mike Johnson on the difficulty of hiring cloud security talent

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.