Michael Kropyva
InfoSec Manager, SoftServe

A computer and cyber security expert with almost 13 years of hands-on experience. Core responsibilities are establishing and maintaining enterprise InfoSec governance, risk management and compliance processes by operating an enterprise Information Security Management System developed according to the ISO 27001 standard, and establishing operations of the enterprise’s security solutions through management of the organization’s Security Operations (SecOps) team.

Security compliance for cloud providers - customer's perspective

Nowadays, organizations often involve service providers to carry out certain IT functions. At the same time, it is only right to question whether a service provider can securely perform the contracted services. For service providers, it is equally important to convince their current and potential customers that the services provided comply with the relevant security standards. And how does one determine if the organizations with which outsourcing companies are doing business (financial services firms, healthcare providers, utilities, educational and public sector institutions, just to mention a few) conduct their businesses securely from a data security perspective? It would be inefficient for service providers and clients to define and monitor a set of IT security requirements for each and every contract. Referencing internationally recognized and accepted standards is a much more efficient solution, as both sides are familiar with them and, hopefully, interpret them similarly. Obtaining and maintaining a certification can be a one-time decision, a contractual obligation, or even a legal requirement. No matter the reason, implementing a complex IT security control system is necessary for compliance.