There’s a shared responsibility for compliance monitoring between the customer and the cloud provider. As Chris Hoff, Director, Cloud & Virtualization Solutions at Cisco noted, not all cloud providers are creating the same visibility. There’s a lot of variability across cloud providers and that variance impacts your ability to measure security, risk, and compliance.
Platforms are moving towards common and standard interfaces so people will have more insight of the results of the controls even if they don’t have the ability to impact those controls, said Hoff.
What insight do you need for your management of risk? Each business has different needs. The exposure of controls, measurement interfaces, attestation, and insertion differs greatly, Hoff said.
Hoff goes onto explain the need for clarification of words, such as the use of the word “continuous.”