SOC 2 Type 2 Compliance Audit, Cloud Security
Data security and privacy are growing challenges in today’s cloud-based environments.
MISCONFIGURED CLOUD SERVERS
“In 2018, the media sector topped the chart with 40 percent of publicly disclosed incidents. Half of these incidents involved misconfigured cloud servers and other improperly configured systems that leaked data or allowed a remote attacker to exploit the asset.”
“Attackers are targeting users of cloud services and misconfigured cloud servers are exposing sensitive or PII data.”
BREACHES AND REGULATIONS MAKE VENDOR RISK A PRIORITY
Organizations should check and monitor settings on cloud service architecture—do not maintain default settings. Vet third-party cloud vendors for high-security standards before choosing to do business with them. Ensure you are aware of who controls each component of your cloud infrastructure and define policies for where and how security measures are deployed. Implement the same security policies you would employ for classic IT infrastructure.
VENDOR (THIRD-PARTY) RISKS
From a cybersecurity perspective, third-party risks frequently involve a set of threats that may exceed the scope of the organization’s risk management activities. Some organizations focus too narrowly on risks. For example, when hosting data in the cloud, most organizations ask the vendor for attestations or some evidence of cybersecurity capability.
CLOUD ASSURANCE FOR CSPS
SOC 2 FOR CLOUD: CSA STAR ATTESTATION
The Cloud Security Alliance (CSA), in collaboration with the AICPA, developed a third-party assessment program for CSPs officially known as CSA Security Trust & Assurance Risk (STAR) Attestation. STAR Attestation provides a framework for CPAs performing independent assessments of CSPs using SOC 2 engagements with the CSA’s Cloud Controls Matrix (CCM), which also covers privacy. See www.cloudsecurityalliance.org/star/attestation/.