Managing Cloud Security and Compliance Risks

Welcome back to another installment of our Cloud Center of Excellence post series!

In the first post of this series, we presented the core tasks of the Cloud Center of Excellence, also known as the Cloud Competence Center, and the arguments for organizations establishing a dedicated team. If you are unfamiliar with the core tasks of the Cloud Center of Excellence we encourage you to read our article on "The 7 Core Tasks of the Cloud Center of Excellence" first!

In this blog post series, we take a closer look at these seven core tasks and show you how our Cloud Transformation Platform Txture helps the CCoE to perform a faster and cheaper cloud transformation with fewer risks. Let’s have a look at the CCoE’s seventh task.

Managing Cloud Security and Compliance Risks

Security and regulatory requirements are changing fundamentally due to the cloud. Defining and applying corporate security standards in all aspects of the IT architecture and ongoing operational support is another key task of the Cloud Center of Excellence. This also includes ensuring that the cloud services meet all compliance requirements of the respective business area.

Assessing business applications from a technical, business, security, and compliance perspective is one of Txture’s key strengths. During the Cloud Readiness Assessment Txture identifies potential security risks, for example, with regards to interface encryptions, data privacy issues, and data storage locations. For the assessment of a business application’s security requirements, a rule set is used. Each rule assesses a specific aspect of the application and it’s infrastructure. A flexible weighting of cloud assessment rules allows prioritizing specific areas that are critical for a specific business area or industry.

Screenshot-01. Excerpt of weighable Cloud Assessment Rules in Txture CT.

The range of different cloud products and configurations existing on the market does not make it easy to identify compliant cloud products. Fortunately, there are a number of certifications that ensure a particular service meets specific compliance requirements. The CCoE needs to make sure that only services are used that have the required certification. In Txture’s target architecture preferences it is possible to specify Certification Requirements, such as C5, ISO27001, or various others.

If certification requirements are defined, Txture takes them into account for the calculation of Cloud Architecture Proposals. Thus, only cloud services that have an appropriate certification are considered and the proposed cloud architecture can be used as a compliant blueprint for the cloud migration.

Screenshot-02. Excerpt of Target Architecture Preferences in Txture CT. Certifications can be defined as “must-have” for the cloud architecture proposals

Screenshot-03. Excerpt of a Cloud Proposal in Txture CT. All of the contained cloud service’s covered certificates are shown.

Txture has helped numerous Cloud Center of Excellence teams that are facing large scale cloud transformations, speeding up their transformation and reducing costs and risks.

Get in touch to discuss how Txture can facilitate the cloud journey of your organization.