Cloud Computing for Government Efficiency and Transparency

Government Cloud Computing

Subscribe to Government Cloud Computing: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Government Cloud Computing: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

GovCloud Authors: Elizabeth White, Dana Gardner, Kevin Jackson, Pat Romanski, Flint Brenton

Related Topics: Cloud Computing, PC Security Journal, Cloudonomics Journal, Enterprise IT: Moving CapEx to OpEx , Security Journal, Government Cloud Computing, Government News

News Feed Item

Compliance Research Group Outlines Strategies for Stronger Cloud Computing Risk Management

Leading Compliance Analysts Say Stronger Security and Privacy Decisions, and Management Are Delivered With the Cloud's Bird's Eye View

DENVER, July 27 /PRNewswire/ -- Compliance Research Group (CRG), an industry analyst firm focused on IT risk management and compliance, has completed its latest Research Brief on cloud computing compliance and IT security. The brief, Managing Compliance and Security for Cloud Computing, provides insight on how a top-down view of all IT resources within a cloud-based location can deliver a stronger management and enforcement of compliance policies. CRG analysts recommend compliance and security managed from a cloud platform to properly monitor and control a mix of sensitive information resources located in both cloud-based and enterprise applications.

This latest Research Brief from CRG is available for free at

"Sensitive covered information inside trusted enterprise networks traditionally have been secure islands managed individually," said Mark Willoughby, a principal and lead analyst at CRG. "Adopting cloud computing means organizations must update how they identify threats and deploying defenses. Efficient and effective risk management for compliance policies governing covered information in both the cloud and trusted enterprise networks demands a new perspective."

According to the CRG research, distributed resources are best monitored from a top-down cloud perspective to correlate user actions and events across a wide scale. Isolated or stand-alone networks and resources lack visibility into cloud-based resources, and cannot offer the unified compliance perspective required by centralized risk management policies and procedures.

Without the top-down perspective the risk of redundancy and duplication increases, and the valuable intelligence gained by correlating events and actions across all resources does not exist. For instance, correlations are the best way to gain clarity into attacks on multiple addresses originating from anonymous cloud-based locations, a favorite denial of service tactic most recently used against South Korean and U.S. government websites.

"We apply a lesson from history to the cloud-based risk management approach - using the barbarians to conquer the barbarians. Throughout history, since Rome defeated Carthage, risks have been reduced and attacks thwarted by borrowing strategies and tactics from adversaries," Willoughby said. "Those correlations are best done from the strategic high ground offered by cloud-based compliance policy management. Closer to home, correlating credit card transactions processed inside a trusted enterprise network with fulfillment and shipping information located in a cloud-based service can reveal the probability of fraud."

About Compliance Research Group

Compliance Research Group ( is a Denver-based analyst firm offering custom risk management research and marketing guidance to the IT, security and compliance community. The firm's principal analysts have decades of experience developing IT security strategies and consulting with enterprise IT organizations and solutions providers.

SOURCE Compliance Research Group

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.