Title
Running head: CLOUD COMPLIANCE
CLOUD COMPLIANCE 2
Cloud compliance
Students name
Institution affiliation
Course
date
Cloud compliance proposal
Employees oversight
Below is a cloud compliance proposal for Ballotline Company. Before moving to the cloud, there should be an enhancement of procedures and programs related to cloud compliance. Employee’s processes, as well as the location, will need to be affected. Employees who are working in the security and IT should be advanced in training. The organization should also invest more in the rules and regulations applied in each job. Employees need to take a role in the structuring and modification of the cloud compliance program. They must also adhere to the new training and environment as the company y shifts to the cloud.
policies and procedures
The first procedure to be followed before, moving to the cloud is crucial to be aware of the regulations and the possible guidelines. They may be local typical and national, and they may also require to meet the international standards. Ballotine should then find a CPS which meets the laid down set of rules. The second procedure is accessing the bette3r and most effective control. Lack of authentication, access, and control identity is a significant cause of data breaches among companies. The ballotine should introduce multifactor authentication. The third procedure is data classification and where about on the data storage arena.
The audit requires the execution of a full auDIT. The company chooses a legitimate and reputable CPS. The final procedure is comprehensive. It should also be complete and adequate encryption. The ballotine should ensure that all the essential data is encrypted to guarantee protection and avoid compromises. The company should choose the best type of encryption to be applied.
Education programs
Ballotine employees dealing with cloud compliance should undergo training on zero trusts as well as the software-defined perimeter. The education program will enable the company to protect the incoming variations of the old attack methods. Employees should also enroll in online resources. They should explore the education programs provided by CSA and further their compliance education. The company should also undertake a cloud security alliance program. The program will assist in expanding its network to the community of cloud security. The system also will benefit providers and customers.
Components
There are several components of the cloud which the organization needs to consider. The first component is the storage-as-a-service. It is a platform that can request and use physically as a remote site. The company should also utilize database services. Besides, it should also implement integration and platform service components. The components will enhance the creation of applications enterprise levels, which are cost-effective. The essential element is security services. Ballotine will require security features since operations and data are handled remotely (Pan, 2020). The company will also require management services. The component will be utilized for cloud resource operations, virtualization, and downtime management.
Enforcement mechanism
The company should focus on enforcing policies. The company should apply resource creation rules and configuration settings. The enforced resources will enable ballot line cloud compliance standards to raise the level of service agreements. Since the cloud estate is growing to a span of multiple subscriptions, the company should focus on a cloud-estate-wide enforcement approach to enhance constituency of policies. The organization should also enhance automated enforcement. There should be standardized provisioning as well as the deployment of orchestration for B solutions.
Audit monitoring
The ballotine should implement an audit monitor mechanism. The mechanism is utilized for the collection of audit tracking for IT resources and networks. It is supported by tactual obligations and regulators (Bharadwaj, 2018). It intercepts login requests and secures the security credentials of the requestor. The platform is sufficient for data security while messaging.
Incident responses
In case of occurrence of a risk, a ballotine company has been recommended to develop and incidence response plan for IT in cloud computing. The plan should comprise instructions to assist the cloud computing IT staff detects the security incidents. It will also include guidelines to respond, detect, and recover from the events; the plan should also address problems such as data loss, cybercrimes, and service-out wages.
References
Pan, H., Liu, C., Duan, S., Han, P., & Fang, B. (2020). Scene text reading based cloud compliance access. World Wide Web, 23(4), 2633-2647.
Bharadwaj, D. R., Bhattacharya, A., & Chakkaravarthy, M. (2018, November). Cloud threat defenseA threat protection and security compliance solution. In 2018 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM) (pp. 95-99). IEEE.