All Articles

Action List Before Adopting a Cloud Technology

Posted by CISO Platform on August 27, 2013 at 11:30pm

Firstly the CISO has to work with the CIO and the business to understand the business need to implement this and then clearly articulate associated risk exposure to the firm and its stakeholders.

A detailed due diligence has to be completed following which the risk posture and risk mitigation guidance has to be provided. Subsequently a corporate policy along with the mitigating controls has to be implemented and training imparted to the relevant business users.

( Read more:  Top 5 Application Security Technology Trends)

Key parameters based on which a CISO should choose a vendor

Apart from the standard vendor due diligence one has to ensure the following –

  • Review security awareness & preparedness of the vendor (including staff) and real world deployment of the same from Cloud services perspective
  • Does the vendor meet all relevant Security and Compliance related industry standards?
  • Does the vendor have a strong DR program (Implemented & Tested) to maintain the continuity of services and has a DR site geographically at a safe distance?
  • Overall location of the vendor hosting center/facility from a threat exposure perspective (external & internal influencers)
  • Does the vendor offer “Try Me” program before getting into contract?

( Read More: Top 6 'Cloud Security' talks from RSA Conference 2016 (USA))

Top Questions to ask vendor for evaluating the offering/Vendor Evaluation Checklist

  • How does the vendor address Security issues like  Data protection in motion, Encryption Key management, Data management/storage, Access Controls?
  • Does the vendor offer Right to Audit
  • Does the vendor have a DR site? How far is it from the hosting site?

( Watch more : Checklist: How to choose between different types of Application Security Testing Technologies?)

Top mistakes to avoid while selecting a vendor

  • Not doing a due diligence on the vendor & services offered e.g. speaking to service provider’s customers
  • Not understanding Cloud’s intrinsic security issues and the standards involved
  • Not involving the multiple service providers in selection process. It is important that service providers with proven track record in the area are invited

-By  Rajesh R Nair, Vice President, Credit Suisse

( More:  Want to become a speaker and address the security community?  Click here  ) 

Views: 303
Tags: Amazing, Checklists, Most
Votes: 0
E-mail me when people leave their comments –
Follow
Posted by CISO Platform

Priyanka, Co-Founder and Editor, CISO Platform Breach Intelligence, leads our threat intelligence and incident analysis efforts, providing actionable insights to the global cybersecurity community. With extensive experience in cybersecurity leadership and breach analysis, she specializes in translating complex technical threats into strategic intelligence for security executives.

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Comments

  • Kinshuk De December 30, 2013 at 6:23am

    thanks for good article

This reply was deleted.

Join The Community Discussion

Read More

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

Jun 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
Virtual
  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

6 City Round Table On "New Guidelines & CISO Priorities for 2025" (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

Dec 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
India
  • Description:

    We are pleased to invite you to an exclusive roundtable series hosted by CISO Platform in partnership with FireCompass. The roundtable will focus on "New Guidelines & CISO Priorities for 2025"

    Date: December 1st - December 31st 2025

    Venue: Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata

    >> Register Here

  • Created by: Biswajit Banerjee

Fireside Chat With Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.)

Jan 10, 2026 from 4:30pm to 5:00pm
Online
  • Description:

    We’re excited to bring you an insightful fireside chat with Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.) and Erik Laird (Vice President - North America, FireCompass). 

    About Sandro:

    Sandro Bucchianeri is an award-winning global cybersecurity leader with over 25…

  • Created by: Biswajit Banerjee
  • Tags: ciso, sandro bucchianeri, nab