HITRUST, a leading data protection standards development and certification organization, today announced the release of publicly available resources that clearly define security and privacy responsibilities between cloud service providers and their customers, thereby streamlining processes for risk management programs. Developed with Amazon Web Services (AWS) and Microsoft Azure, each new HITRUST Shared Responsibility Matrix aligns with the cloud service provider’s unique solution offering.
Read More : KnowBe4’s Global Cybersecurity Experts Make Predictions For 2021 Cyber Trends
Leading cloud service providers have long supported shared responsibility models, whereby the provider assumes some security responsibility for hosting applications and systems, while the organization deploying its solutions in the cloud assumes partial or shared responsibility for others. The challenge, however, is that many shared responsibility models are loosely defined and vary based on the solution.
For businesses deploying solutions in the cloud, this ambiguity creates an added layer of complexity related to achieving broader risk management objectives.
“Scaling cost-effectively to meet customer demand requires us to leverage the cloud, which introduces additional and unique challenges as it relates to data privacy and security,” said Lee Penn, Chief Financial Officer and Chief Compliance Officer, PDHI. “Specifically understanding who is responsible or partially responsible for securing cloud services is a challenge that is addressed by the HITRUST Shared Responsibility Matrix.”
In 2019, HITRUST engaged AWS and Microsoft Azure to begin developing joint Shared Responsibility Matrices. The initiative was added to the larger HITRUST Shared Responsibility and Inheritance Program, which was introduced in 2018 to address the many misunderstandings, risks, and complexities involved when organizations leverage cloud service providers.
Read More : How The Covid-19 Pandemic Accelerated Enterprise Investment in NLP