For U.S. Mint, cloud computing security transparency effort pays off

Grazed from TechTarget. Author: Robert Westervelt.

For the United States Mint, its effort to gain insight into the systems and processes that secure its SaaS ecommerce system proved to be a worthwhile investment of time and resources. According to its chief information security officer, however, it faced a tough battle dealing with the resistance from its cloud provider.

Speaking to attendees at the 2012 SecTor security conference, U.S. Mint CISO Chris Carpenter said he insisted on understanding how his organization’s SaaS application was being secured, from system architecture to firewalls and how the provider conducts security internally and externally. However, he was shocked when his inquiry to the provider was met with the response, "No one has ever asked us that before."…

Carpenter quizzed the firm during the Cloud contract negotiation on how it vets its employees, its security controls, its corporate policies, how often it conducts penetration testing, and its incident response plan. Seeking to improve his provider’s cloud computing security transparency, he requested to visit the security operations center and forced the firm to provide an example of how it responded to an incident…

Read more from the source @ http://searchcloudsecurity.techtarget.com/news/2240164403/For-US-Mint-cloud-computing-security-transparency-effort-pays-off