What is Cloud Governance


Cloud governance is managing the GRC posture for the cloud service providers and the cloud consumers. Cianaa technologies approach cloud governance by using the risk assessment approach through the evaluation of the:-

  • Cloud contracts and agreements
  • Legal risks arising from jurisdictions
  • Evaluating data and data transition risks
  • Privacy impact assessments
  • Auditing the cloud systems to verify policies, apps and security are in place

 

What Cianaa Offer


 We offer the following services:-

  • Gap analysis of legal, technical and business risks of enterprises moving into the cloud (Mitigation Strategy)
  • Cloud risks assessment with respect to NZISM, NIST 800-53 and NERC
  • Cloud compliance with PCI DSS, HIPAA, ISO 27001:2013
  • Cloud Data Privacy Assessment with respect to ISO 29100, European Privacy Legislation, UK, USA, Asia Pacific and Middle East
  • Risk Analysis of Privacy, Service level and security agreements.
  • Scoping and Unified risk analysis of cloud services 
  • Evaluating cloud security quarterly for continuous improvement
  • Help governments to develop cloud policies for consumers and cloud service provider for regulatory purpose
  • Develop cloud regulations and laws 

 

Four Universal Principles of Cloud Governance


Cianaa Technologies provides effective cloud security and governance methodologies to enhance the confidence of the consumer based on the principles of alignment between "Technical, Social and Legal" doctrine to mitigate the risks.

Cianaa Technologies emphasize on four important principles; Transparency, Legal Protection, Compliance and Accountability. These are important to create trust, control and satisfaction of the consumer.These strategies bring long term viability and strength for the cloud service providers to gain and access the markets with confidence. Cianaa uses these principles to enhance cloud trust and security through practice.

Four Principles

Transparency is the universal principle that simply means the disclosure of information to benefit the consumers. The studies have shown that greater the transparency, greater the accountability. With this transparency also boosts the trust. The European, USA, Asian and Asia Pacific region have laws that enable the disclosure of information for the benefit of the consumer to make an informed decision. For cloud, transparency means that companies disclose relevant information, display their security certifications and accreditation for consumers.

The consumer will gain confidence through the choice of jurisdiction clause in the agreement. Current practice is arbitrary and the consumer does not have any choice except to accept the cloud service provider terms and condition. This is against various laws of different regions that offer more protection to the consumer. In the cloud, the cloud service provider can provide legal protection to consumer to gain more confidence and trust.

The consumer seeks cloud services to process, store and run their data in the cloud. The consumers might be running financial services, payment card services and adhering to the data protection, privacy and tax laws. The consumer may request compliance with HIPAA, PCI DSS, ISO 27001, ISO 9001 etc. The cloud service provider must maintain industry and legal compliance to grab the confidence of the consumer. It is also recommended that both entities, consumer and cloud service provider must cooperate to achieve compliance, especially in legal issues.

The three principles mentioned above lead to very strong accountability. There is no accountability process in practice. The accountability means that the cloud service provider should have a platform for dispute resolution, resolving conflicts, regular monitoring and support systems.