Responsibility in the Cloud: Vendor vs. Organization?

Responsibility in the Cloud: Vendor vs. Organization?

Outsourcing and partnering with cloud providers can offer businesses a vast array of options for offering products and services around the globe and around the clock.  With this transition to the cloud comes the dangerous assumption that the vendor will sufficiently secure your data and you can hand this responsibility off to them.  Outsourcing functions to cloud vendors does not negate all responsibilities of the organization, and this session will cover those responsibilities that are often overlooked as a result of outsourcing relationships.

Learning objectives

• Appropriate vendor due diligence practices
• How to perform a cloud service risk assessment
• Common user entity controls to implement

About Thomas

Thomas has over a decade of experience in the information technology sector. As Cyber Services Advisor, he performs information security assessments for numerous nonprofit organizations, provides guidance relating to data privacy and data security regulations and serves as an advisor on internal and external  service and software strategies. Previously, Thomas has served as a state administrator and advisor for digital media and software development companies and has performed information security review engagements for financial institutions, medical entities, CPA firms, and other numerous other industries. His work included regulatory reviews covering a variety of guidelines including FFIEC, GLBA, HIPAA, and NACHA. Traina & Associates joined CapinCrouse in January 2017.