CSA Security Update

The Business Case Behind Continuous Monitoring - Guest: Stephen Boyer; Founder & CTO, BitSight

July 21, 2019 John DiMaria; Assurance Investigatory Fellow

Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, which customers and tool vendors can then retrieve and present in a variety of contexts.
 
Continuous monitoring/auditing improves on the traditional point-in-time certification in both trust and transparency.
 
Point-in-time audits, while the foundation of many respected certifications, often leave a considerable time gap between audits. Adopting continuous monitoring/auditing with an increased audit frequency reduces the chance that the security posture deviates. This empowers cloud service providers to make precise statements on the compliance status of the cloud services covered by the continuous audit process, achieving an “always up-to-date” compliance status.
 
A considerable amount of research and science has gone into proving the business case for continuous monitoring and its effectiveness. Listen as we discuss the data in detail with Stephen Boyer, Founder and CTO of BitSight Technologies, along with use cases that show how the paradigm is changing once again in how the industry defines risk and security.

 
