Shared responsibility – Understanding how to share control responsibility in the cloud – HITRUST 2019

Shared Responsibility - Understanding How to Share Control Responsibility in the Cloud - HITRUST 2019

During day two of the HITRUST 2019 conference yesterday, I attended a panel called Shared Responsibility – Understanding How to Share Control Responsibility in the Cloud.

The panel was composed of:

  • Becky Swain: Director, Standards Development, HITRUST
  • Kurt Hagerman: CxO Advisor, Cyber Strategy, Coalfire
  • Blaise Wabo: Senior Manager, A-LIGN

It was moderated by Mike Annand: Director of Customer Compliance at Armor Cloud Security.

Shared Responsibility – Understanding How to Share Control Responsibility in the Cloud – My Takeaways

Shared
Here are my takeaways:

  • “There’s no such thing as perfect security.” (Kurt Hagerman)
  • What does it mean to share responsibility?
  • Becky stressed the need to start a dialogue around similar language
  • Who owns the control and how is it written? Is it relevant to the organization?
  • The whole idea is to provide clarity to customers, providers and assessors
  • “Cloud is the new version of I.T.” (Kurt)
  • AWS IAM was used as an example of joint control ownership
  • Becky is looking for more members to the work group
  • “Once we’re speaking the same language, then we can have a healthy dialogue.” (Becky Swain)
  • A draft of the shared responsibility matrix is still in the works
  • The working group is in the middle of a reboot
  • Cost model: No additional cost to HITRUST applicants
  • Looking at version 10 having this functionality
  • “Their business is about security.” Becky on cloud vendors like AWS
  • “People are the biggest security risk.” (Becky)

See also: Streamlining Your Third-Party Risk Management Program – HITRUST 2019

Shared Responsibility - Understanding How to Share Control Responsibility in the Cloud - HITRUST 2019

HITRUST 2019 Conference

Shared Responsibility - Understanding How to Share Control Responsibility in the Cloud - HITRUST 2019

HITRUST 2019 positions itself is the most comprehensive and definitive information risk management conference for privacy, security, and compliance professionals.

The conference is held at the Gaylord Texan Resort in Grapevine, Texas.

Try Paubox Email Suite for FREE today.

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport