Q6:
How does your security offering simplify auditing and regulatory compliance?
Carpathia believes that as a service provider, we should be part of the equation when it comes to supporting customer compliance requirements rather than simply a platform. We have developed our operating procedures to exceed all common regulatory compliance requirements for moderate-impact-level systems. This allows us to extend a compliance umbrella around the platform in support of customer business goals. We also routinely enter into business agreements to further solidify delivery partnerships, such as Business Associate agreements for our customers with HIPAA mandates.
The Cisco SecureX security framework is context aware, and SecureX-enabled products can apply different policies and separate data streams from different clients or business processes. This makes it easier to verify that the client or process has the correct security applied, rather than attempting to make a one-size-fits-all policy that tries to meet the needs of all. Context-aware security policies simplify auditing and regulatory compliance and allow for fine-grained control of security. When policies are centralized and virtualization aware, auditing and compliance become easy to verify and maintain, so that security reviews can be done from a client or business process standpoint. From a product perspective, the Cisco Virtual Security Gateway logs all allow and deny traffic activities for auditing purposes. Cisco ScanSafe Web Filtering includes an advanced web reporting system, detailing usage and threats blocked. Cisco ISR Web Security with Cisco ScanSafe is a new hybrid cloud security service that enables centralized enforcement and reporting for branch offices.
Foundational aspects of compliance, such as strong authentication, mutual certificate authentication, encryption, and advanced logging are inherent to the platform. The Citrix Ready program provides for deep integration with compliance partners.
Expedient’s security offering has been honed to stand up to the most rigorous of audits after participating in hundreds of client-specific audits. With its open auditing nature, Expedient continues to refine its cloud platform to ensure that the environment meets the most stringent audit and regulatory compliance needs.
24 Intel IT Center Vendor Round Table | Cloud Security