Mark Houpt is responsible for developing and maintaining DataBank’s security program roadmap and data center compliance programs. He has over 25 years of extensive information security and information technology experience in a wide range of industries. In an interview with Rahul Arora, Houpt talks about the essentials of a sound cloud migration strategy, ways of reducing the attack surface of data centers and cloud computing, and much more.
What are the cybersecurity practices that DataBank follows?
DataBank uses the NIST SP800-53R4 methodology as our primary framework for cyber security. Under this framework, we specifically utilize the moderate control set for a majority of our implementation. In some cases, we raise it to the high and in other cases we lower it to the low requirements, based upon a risk assessment of the product or item we are securing.
DataBank utilizes the NIST methodology identified above to comply with HIPAA requirements. For PCI-DSS requirements, we utilize the NIST methodology and cap it with PCI requirements when they are higher. For example, NIST calls for a penetration test to be conducted annually and PCI for a twice per year event. For PCI environments, we follow the twice method.
What are the essentials of a sound cloud migration strategy?
The essentials of a sound cloud migration strategy are to conduct an internal risk assessment before communicating with a cloud provider.