Vendor Security Questions

Tags:
Network security
Network Security Management
Open IT Forum
Security
Hello, I am a student in the Network Security program at the University of Advancing Technology and just read "Plan, Do, Check, Act". The URL is below.

https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/deployment/574-BSI.html

Years ago everything was stored in the data center and protected by firewalls, routers, DMZs, IDS/IPS solutions, etc. Recently the "cloud" has become very popular and SaaS vendors are popping up everywhere. To me this poses a big risk to company data. When we were in the data center we trusted our team - a small handful of skilled folks to harden and secure systems. For the most part we knew who was accessing what and when. We could protect remote access with controls and prevent access to systems by employees over the Internet. Now, this new cloud model allows anyone to connect from anywhere at any time. Information is no longer safely stored on our network. It is hosted and shared with other companies and individuals. Back-end databases could be mingled with other customers, unauthorized vendor employees could have access to our data, flaws may exist in systems, web services could be vulnerable to numerous attacks and networks may not be protected or configured properly. It's a tough decision to choose a hosted or a vendor-supplied solution to implement. It is my job to do the best I can to protect the company data but I also have to play the CYA game too. I am curious to find out how many follow the guidelines in the "Vendor Provides" Element under the SKiP section? Initially the answer to the question is obvious, but how detailed and how far do you go? That's what I would really like to know. What are the not-so-obvious questions to ask?

Thanks
ad2

Discuss This Question: 1  Reply

 
  • Kevin Beaver
    Welcome to the world of increased complexity and lowered security! I've written a lot about cloud security and, in particular, here's a piece that might help you:
    http://searchcompliance.techtarget.com/tip/Twelve-ways-to-keep-your-cloud-strategy-compliant
