New Software Services for Cloud Risk Assessment, Monitoring and Assurance Target Compliance, Security and Threats in Private, Public and Hybrid Cloud Environments
Agiliance Inc., the leading independent provider of Governance, Risk and Compliance (GRC) solutions, today announced its Cloud Risk Management solution – encompassing risk-driven readiness, operations and audit software services for fast-evolving virtualized environments. These services provide compliance, security and threat risk transparency for private, public and hybrid clouds, addressing a huge trust gap between physical and virtual operations.
Today’s news closely follows the announcement of marked company growth and recognition in innovation for RiskVision 5.0, already available on-demand in the cloud, further simplifying deployment for customers who require minimal IT effort in running GRC systems.
Business factors make applications in the cloud attractive, yet organizations are unprepared to tackle compliance and security risks introduced in a cloud environment. As Global 2000 private and large public sector organizations face increasing compliance and security demands, they are virtualizing more of their IT operations through private and public cloud environments. These organizations must “gracefully lose control” without undermining GRC commitments. Solutions that address the stages of cloud adoption with an ultimate view toward “transparent compliance” are paramount.
Agiliance’s Cloud Risk Management offering mirrors cloud risk governance stages that experts anticipate will be adopted in the market:
- Cloud Risk Readiness. This assessment service is for private cloud project and operator risk assessments, and public cloud project and provider risk assessments, inclusive of third and fourth party providers. The service uses the RiskVision platform, compliance controls assessment frameworks and content from PCI DSS 2.0, FISMA 2010, SOX, NIST, ISO, CSA, SANS and BITS, threat controls content from CSA, and cloud risk dashboards and reports.
- Cloud Risk Operations. Using Agiliance RiskVision as the base platform, this monitoring service is for private cloud virtualization security policy compliance, cloud threats and vulnerabilities and offline image re-compliance. Public cloud uses include compliance, segregation and virtualization provisioning management. For continuous compliance, NIST SCAP protocols, CIS benchmarks and secure configuration management integrations with VMware vShield, McAfee ePO and netIQ SCM are automated. For threat management, zero-day feeds from Verisign and the National Vulnerability Database (NVD), and virtualized vulnerability integrations with eEye Retina and Tenable Nessus are automated.
- Cloud Risk Audit. This assurance service targets emerging CloudAudit and other guidelines for private cloud operators and public cloud providers to perform automated regulatory health checks and provide transparency in their infrastructure (IaaS), platform (PaaS) and software (SaaS) environments. Agiliance RiskVision is the base platform that will articulate multi-party data flows and asset locations with real-time risk analytics.
According to a report by Forrester Research, Inc., “To take full advantage of the power of cloud computing, end users need to attain assurance of the cloud’s treatment of security, privacy, and compliance issues.”1 Another report by Forrester Research, Inc. also states that, “Instead of waiting for the cloud industry to step up its support for regulatory compliance, security professionals should look beyond their providers for compensating controls to aid cloud sourcing.”2
“What has been holding back the adoption of cloud computing in large organizations are consistent and standardized frameworks, open standards and interfaces that address security controls and easy to implement processes to provide assurances on levels of GRC and security in cloud environments,” said Jim Reavis, co-founder and executive director of the Cloud Security Alliance (CSA). “I am pleased to see a leading independent IT GRC provider like Agiliance join CSA and participate in the Controls Matrix and CloudAudit. Agiliance’s support of these key emerging practices and standards will enable their customers to maximize the insight they have into their compliance status and risk posture in the cloud according to the industry’s best available knowledge.”
Availability and Pricing
The Agiliance RiskVision platform and applications are available today on-demand in the cloud, starting at $37,500 per year. The Agiliance Cloud Risk Readiness Service and Cloud Risk Operations Service will be available December 2010. Actual fees depend on cloud operator and cloud provider scale. The Cloud Risk Audit Service will be available in 2011.