CITISCAPE IT 281-733-2422

Many companies are looking at Cloud Computing and what it can offer them in convenience and cost savings as their infrastructure ages. We procure cloud computing services for our customers if this business model is right for them. We have proven methodical processes that are backed by ISACA and ASIS board certified professionals and are industry standard. There is no question that significant cloud business opportunities are available; at the same time, there are also many recognized information security risks to be addressed. There are many variables, values and risk in any cloud opportunity or program that affect the decision whether a cloud application should be adopted from a risk/business value standpoint. One of the benefits from frameworks we utilize is that they produce a summary assessment of the business risks and achieved business value of an application, and can help practitioners evaluate (often to a highly granular degree) many security or value issues. Your business deserves the winning edge! Are you under a fixed fee managed service contract or cloud computing contract and do you know if your provider is actually performing the services they are billing you for? We provide auditing and security services (at the detailed level) for our clients in many areas, as well as best IT security and business practices, risk assessment, detection and prevention, network monitoring, and other steps necessary to protect your business. Your IT consulting firm or MSP should use (prescreened) qualified and experienced Systems Engineers and Systems Administrators and should be providing your company with adequate documentation and log files on work and services performed (in detail), and this information should be compared to monthly billing services. One of the top complaints from business owners about their current IT consulting company is getting bills from their provider without detailed information on services or work performed, or getting billed for services they did not receive. The term "managed services" mean different things to different IT providers, and the lack of industry standards in this area, as well as cloud computing, leaves "play room" for IT companies to take advantage of businesses who may not understand what they are paying for and what they are receiving.

• Third-party, independent cloud computing (SaaS) security auditing for businesses in the State of Texas
• Third-party, independent managed services (MSP) security auditing for businesses in the State of Texas
• Full service SLA and contract negotiations, and cloud computing procurement services. This includes liability assessments, risk assessments, and SLA verbiage in cloud computing contracts (as well as other IT outsourcing services) that often pass liability to the client and take on no responsibility as a service provider.
  

IT Security Plan

One of the most significant challenges facing managers of Information Technology is navigating the play of disruptive technologies. With the "hype" of cloud computing in the spotlight, privacy and security will be the biggest concern for many businesses in the next coming years. Your company's responsibility for governing security on the cloud has not been removed just because you "outsource" to the cloud; it is merely different and must be evaluated in the context of the cloud service and provider as well as your local (state) privacy laws. A company's best defense might be a good offense adding layers of security and monitoring.

• Asset Discovery and Inventory – Build and maintain an up-to-date repository of IT asset information,
  including business impact and asset groupings.
• Vulnerability Assessment – Test and document the effectiveness of both security policies and controls.
• Analysis and Correlation – Add business intelligence through graphing, trending and understanding the
  relationships between vulnerabilities and asset types.
• Remediation and Verification – Prioritize and resolve the vulnerability issues that are found and retest the
  assets for proof of correctness

The lure of cloud computing is strong, yet many are quite understandably sitting on the sideline. It comes as no surprise that many e-commerce retailers, web hosting companies, and other IT centric companies and service providers have rushed to provide cloud services and have endured public disgrace because of data loss and security breaches; coding software appropriately, designing data centers appropriately, and the professional services it takes to do so really isn't their forte. The fact of the matter is cloud computing security is more than just encryption, mult-factor authentication and firewalls. You simply cannot put the same systems into place on the cloud and expect the same results. They have to be architected specifically for the cloud computing model, which needs to be innovated entirely with new ways of enterprise security and regulatory compliance in mind with the coding and design phase, as well as other software development life cycle phases. The decision to use the cloud for your company is really all about risk management, and just how much risk your company is willing to take by turning over corporate data to a third party and losing control. Many companies are trading catastrophic problems for gains in efficiency. Companies seeking greater efficiency and more software features are eyeing cloud computing technology, leaving themselves vulnerable to a single security threat. Don't let yours be one of them! Reliance on cloud services can be a firm's undoing if not properly investigated before jumping on board. Reliance on cloud vendors' security has led to a number of high profile breaches (Epsilon, Citibank, JPMorgan Chase, Walgreens, Drop box) to name a few. There are alternatives in the making to address this via third party encryption services. There are many unknown variables in cloud computing. Due to its nebulous nature, it is important to understand the risks associated with utilizing cloud computing. It is not just different technology; it is a different way of doing business. It's also about ROI for your company; calculating all costs (not just start up costs), Capex vs. Opex expenditures over the term of the cloud computing contract, as well as checks and balances. We are well equipped with the IT, security, and Cloud infrastructure knowledge to point you in the right direction on a totally unbiased business and technical standpoint by board certified security professionals. We assist those companies contemplating cloud computing solutions in numerous areas including financial viability, ROI, security, and regulatory compliance of the provider in question. We have cloud computing procurement professionals on staff and provide contract negotiations on our client's behalf. Our IT backgrounds enable us to understand the technical details for our clients and engage in risk assessments, security audits, and SLA's (service level agreements) audits BEFORE clients sign on the dotted line. Your company really needs an IT Consulting Professional to advise you before signing SLA's with third party vendors.

• Let us perform an assessment and security audit on your current IT vendors to see if you are getting what you pay for.
• Let us perform an assessment and security audit on your cloud services provider to see if you are getting what you pay for.
• We provide procurement services for Cloud Computing and other IT / Business specialties. It is always best to hire an independent technical professional BEFORE signing a Service Level Agreement (SLA) with any service provider (Cloud Computing, MSP, Collocation, Internet Service Provider, etc.)