You Must Recognize Hidden Costs and Hidden Risks
- Having more mature security processes in place puts you in a better position to define who’s responsible for what in this extended infrastructure.
- Any time you collect customer data, regardless of who your cloud provider is, you are still responsible for making sure there’s proper regulatory compliance.
“Your existing program or framework becomes the starting point of a discussion about what controls you need the provider to manage.”
As chief information security officer (CISO) at the Pulte Group, a homebuilding company that also provides a variety of financial services and online customer engagement, Alex Wood oversees the security of all Financial Services systems, including cloud-based assets. Like many companies, the Pulte has increased its use of cloud services and web applications. Because of the way cloud services work and the fact that you generally don’t have direct administrative access to cloud infrastructure, it’s necessary to approach security differently in this environment.