Cloud Security Governance, Risk and Compliance

By McAfee Cloud BU on Mar 14, 2019

The cybersecurity landscape is changing fast, with new threats and vulnerabilities appearing daily. Gartner’s 2019 Audit Key Risks and Priorities Survey showed 77% of audit departments plan to cover cybersecurity detection and prevention in audit activities. To make sure their data network is secure, businesses need to face security risks and protect against threats as fast as they can, while still letting their users work how they want: mobile and flexible.

All this can make IT departments be seen as “blockers”. But yours doesn’t have to be. McAfee’s comprehensive Security as a Service (SaaS) tools address the cyberthreat issues and let you focus on building business instead of worrying about security.

We recognize that companies face an increasing governance burden, especially with the EU General Data Protection Regulation (GDPR), which is why our product feature sets benefit governance, risk and compliance.

Take, for example, McAfee MVISION Cloud’s registry. It contains risk ratings for over 25,000 cloud services, all of which are reported using 50 criteria, including a GDPR Risk Rating that lets customers see the risk rating of all cloud services in use, based on their GDPR risk level and ratings. This common language also allows IT teams to share risk levels and ratings with their governance, risk and compliance teams and define policies based on individual GDPR risk levels.

If a service vendor has a high risk, the risk team can take steps to mitigate, and McAfee MVISION Cloud can provide further help by automating how to deal with the specific service inside the policy:

  • Block traffic to and from the service
  • Redirect the app to an alternative but lower risk service
  • Negotiate better terms and conditions
  • Add cloud Data Loss Prevention via Smart DLP
  • Encrypt all data sent to the service
  • Improve authentication via Single Sign On (SSO)
  • Restrict file sharing
  • Set geo-location policy, for example to allow users to do things in the office and nowhere else, or in the US and not Europe
  • Add logging – user, admin or data activity

DLP (Data Loss Prevention) does what it says: it prevents data loss. McAfee Smart DLP collects data and categorizes it:

  • Data in Motion: actions like printing or storing on networked resources; traffic is analysed, categorised, and stored in the McAfee DLP database
  • Data at Rest: any data residing in file shares, databases, and repositories. This includes things like scanning centrally stored Office 365 files for sensitive data
  • Data in Use: files being worked on by users. This includes actions like copying data and files to removable media, printing files to a local printer, or taking screen captures

Smart DLP happens in the cloud and relies on your policy to prevent loss.

At McAfee, we believe the GDPR and our audit of how users are accessing data – and DLP policies – represent a good opportunity for us and internal security professionals to work closely with other areas of the business to integrate data protection into the fabric of business.

A common language, McAfee’s audit and consistent GDPR risk levels also represent an opportunity for Chief Information Officers (CIOs) to get board-level commitment in the security area. McAfee cloud services cover these areas of the data security lifecycle: data discovery, application security, data loss prevention, cloud data protection, and breach detection and response. McAfee’s cloud services help consolidate all three.


About the Author

McAfee Cloud BU

Learn about cloud threats, the latest cloud security technologies, and the leading approaches for protecting data in cloud services.
