Cloud Vendor Security Risk Assessments: An Update from the HEISC Shared Assessments Working Group (REN-ISAC Techburst)

Abstract

Assessing vendor risk and security posture continues to be a time-consuming effort for many security professionals in higher education. Although many campuses commit resources to the highest priority assessments, few are able to assess all cloud services that host institutional data. To explore the potential for collaborative risk security assessments, a HEISC working group was formed with EDUCAUSE, Internet2, and REN-ISAC members to develop the Higher Education Cloud Vendor Assessment Tool (HECVAT), published in late 2016. The presenter discusses the origin and goals of the HECVAT, how the community will guide future development, how to leverage the HECVAT for beginning and existing security assessment programs, and discover ways to contribute.