Most companies nowadays use the cloud to store their sensitive data and make it accessible anytime and from anywhere over the internet.
83% of enterprise workloads will be in The Cloud by 2020.
—Louis Columbus, Forbes
However, as with any piece of technology, cloud computing comes with great advantages for its users but also with some challenges in terms of security for service providers.
In recent years, there have been numerous cloud computing attacks:
Millions of people like you and me have had their personal data stolen, leaving companies with the hard task of covering substantial financial losses and of proving once again to the whole world that they can guarantee their users’ security.
Sure. It's nice to daydream about being a superhero every once in a while. But we're all just human.
So when I get asked how we handle security at Proxyclick, the best answer I could possibly give is "the best we can." But it's more complicated than that, of course. As a cloud-based visitor management system, our software handles visitor data across the globe.
And like other providers we must ensure that our infrastructure is secure and our users' data is fully protected. We take this very seriously.
Among the external validations and certifications that keep us honest is the Cloud Security Alliance (CSA) CAI Questionnaire.
Note: Proxyclick's completed questionnaire is available upon request and under NDA. For more information contact support@proxyclick.com.
Simply put, the Consensus Assessments Initiative Questionnaire (CAIQ) is a set of “yes or no” questions a cloud consumer and cloud auditor can ask of a cloud provider in order to determine the effectiveness of their security controls.
It helps cloud providers (like Proxyclick) to assess their own security level and also guides any necessary assessment processes for engaging with a cloud provider.
Designed by the Cloud Security Alliance (CSA) as part of its Governance, Risk Management, and Compliance (GRC) Stack, the CAIQ follows the organization’s mission of defining best practices and standards that create a more secure cloud computing environment for both providers and users.
According to the CSA Guidance, cloud computing involves a shared responsibility model in which:
The Cloud Security Alliance provides two essential tools to help meet these two requirements:
Both documents are especially useful for ensuring compliance requirements are met.
As previously mentioned, the CAIQ analyzes the security controls a cloud provider has at that moment and determines if they match industry standards.
Application & Interface Security: assessing the security of application software that is running on or being developed in the cloud
Audit Assurance and Compliance: ensuring the audit function is efficient and applied to cloud systems
Business Continuity: reviewing the ability to continue operations in the event of an outage
Change Control & Configuration: ensuring any changes in the cloud follow the same process as internal systems
Data Security and Information Lifecycle: assessing the means of identifying important data and the controls established to secure it in accordance with corporate policy
Data Center Security: ensuring the effective implementation of physical controls
Encryption and Key Management: analyzing data encryption implementation and ensuring scalable key management
Governance and Risk Management: assessing the ability to govern and measure enterprise risk introduced by cloud computing
Human Resources: analyzing factors such as background screening, employee agreements, employee roles/responsibilities, workforce training, and awareness which can impact cloud data security
Identity and Access Management: managing identities and leveraging directory services to provide access control
Infrastructure and Virtualization Security: assessing core cloud infrastructure security, including networking, workload security, and hybrid cloud considerations
Interoperability and Portability: reviewing the ability of cloud systems to interact and work with each other, which also impacts the ability of a user to move their applications and data between their cloud systems
Mobile Security: ensuring secure cloud computing on mobile devices
Incident Management, E-Discovery, and Cloud Forensics: assessing incident detection, response, notification, and remediation procedures
Supply Chain Management: reviewing security controls that mitigate and contain data security risks across the cloud supply chain
Threat and Vulnerability Management: assessing threat and vulnerability mitigation and protection
Interested in reviewing the questionnaire for your own cloud systems? You can download the CAI Questionnaire here.
Remember, using tools such as the CAIQ to determine the security of a potential cloud service partner can help you make the right decision for your company’s future.
Relying on a cloud infrastructure that is fully protected from known and emerging threats allows your business to leverage the best that cloud computing has to offer: namely, the ability to operate at scale, to reduce technology costs and to use agile systems that give you an undeniable competitive advantage.
Last but not least, we believe that securing your premises and maintaining regulatory compliance using a strong cloud-based visitor management system is key to a secure infrastructure.
To meet your security and compliance objectives, our solution can help you with several tasks:
...and much more.
If you'd like to see for yourself how much of a difference the right visitor management solution can make, then start a free trial and we'll be with you every step of the way.