Solving the Geo-Compliance Certification Puzzle (P10b)
Customers increasingly expect cloud-based businesses to attain security compliance certifications to demonstrate that their SaaS offerings comply with various global government regulations and industry standards. These certifications are becoming table stakes for businesses to demonstrate their commitment to data security, availability, and privacy, while providing a competitive advantage to enable market access.
This session will examine how Cisco solves the geo-compliance certification challenge that affects all multinational technology corporations, realizing cost and time efficiencies that alleviate pressure on engineering while increasing the organization’s security posture. Cisco is taking a 4-phased approach to achieve its market access certification targets:
* Phase I – Market Objective and Prioritization: Take a customer-in view and identify the markets and associated certifications that meet their objectives and priorities.
* Phase II – Common Controls: Build a Common Controls Framework (CCF) tailored towards the target SaaS infrastructure. The goal is to implement a single set of controls across the SaaS infrastructure to create baseline security controls that can be tested once and used multiple times for various certifications.
* Phase III – Shared Operational Security Stack: The key to the success of CCF. Develop and extend a core set of CCF-compliant security services focused on the operational infrastructure to which the rest of the organization can subscribe. The objective of these services is to not only achieve certifications, but also to improve security hygiene.
* Phase IV – Maintain Governance, Risk, and Compliance (GRC): Get certified, maintain compliance, and evolve through a robust GRC program.
Prasant Vadlamudi, Head of Global Cloud Compliance, will focus on Cisco’s answer to the ever-increasing global and local compliance needs in the form of the Cisco Cloud Controls Framework (CCF), a product compliance and certification methodology that helps meet customer requirements and the evolving regulatory demands for SaaS products. Prasant will share perspective on the:
– Cisco Framework Overview: Describing how the framework was created, its salient features, which certifications the framework covers, and how it enables rapid scalability by being able to absorb newer certifications.
– Distributed Controls Model: Showing how the framework enables compliance teams to minimize the effort required from Engineering and Operations by centralizing it, helping to drive agile compliance-as-a-service throughout an organization.
– Operational Security Stack: Providing details on how shared tools can help achieve compliance in a more organized way and increase the organization’s security posture.
– Market Access Benefits: Sharing use cases and success stories on how the Cloud Controls Framework has opened new and expanded existing markets for Cisco.
– Future of Compliance: Discussing the vision for the CCF future and how it will evolve, including how we plan to automate the framework and compliance overall.