Cloud Risk Assessment

Cloud computing risks clearly identified

Your organization undoubtedly has one or more (mission-critical) systems hosted by a cloud provider or you are currently undergoing a transformation to the cloud. 

Accommodating/migrating (mission-critical) systems to a cloud provider, like any transformation, involves risks. Depending on the degree of outsourcing (business critical) systems, these risks can be very complex. To clearly map these risks and identify possible areas for improvement, we can perform a Cloud Risk Assessment (CRA) together with you. This assessment can be specifically tailored to the outsourcing model you use, whether this is SaaS (Software as a Service), PaaS (Platform as a Service) or IaaS (Infrastructure as a Service).  

To perform this assessment, we use the Cloud Control Matrix (CCM) from the Cloud Security Alliance (CSA). This framework consists of 197 internal control objectives divided into 17 domains, including Audit & Assurance, Application & Interface Security, Business Continuity management, Data Security & Privacy, Logging and Monitoring, Identity & Access Management, and Universal EndPoint Management. 

The Cloud Controls Matrix (CCM) complies with the following standards and norms, among others: ISO/IEC 27001/27002/27017/27018, CIS, AICPA, PCI-DSS, NIST and ISACA COBIT.

As a specialist, ARC People has experience in various industries in pragmatically applying this framework and performing Cloud Security Assessments. If desired, we do this in collaboration with employee(s) of your organization, so that knowledge is also transferred. Want to know more? Feel free to contact us to discuss the possibilities. 

Anita van der Leeuw
Senior Manager of IT Audit & Risk