StatPro Joins Cloud Security Alliance

By joining the community, StatPro expects to work with other members to help advance cloud security technologies for solutions and services offered to the investment management industry.

Neil Smyth, technology and marketing director of StatPro, talks to WatersTechnology about the firm’s involvement in the Alliance and the security issues the industry is facing.

Waters: What is the Cloud Security Alliance?

Neil Smyth: The Cloud Security Alliance (CSA) is an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.

Waters: Why did StatPro joined?

Smyth: StatPro joined the CSA to be able to work with, and take part in the active cloud security community within the organization. Whether this is through events, social media, membership councils, or sharing cyber-security threat information. Being part of such an organization helps us to maintain our high levels of awareness when it comes to cloud security and also raises StatPro’s profile as a provider of cloud security within the investment industry.

Waters: Was StatPro concerned about its cloud resilience and which issues do you expect to tackle?

Smyth: We don’t have any specific cloud security concerns with our platform. As a technology business, we believe it’s good practice to be part of such communities in the same way we are active with other partners such as Microsoft, AWS, or open-source development projects.

Our aim is to add the CSA’s cloud security certification to our other external audits such as ISO27001 that help demonstrate our processes and controls around data security. We continuously work on improving our security processes through testing, scanning and reacting to information from organizations such as the CSA.

Waters: What is the current state of cloud security?

Smyth: The effectiveness of any service or application security is dependent on who is applying and managing the controls to the various threats and risks to that service. Cloud-based applications have various risks just as locally-installed applications do.

When StatPro started developing new applications for the cloud, we were able to include the right security measures as we built the application and not as an afterthought. Many locally-installed enterprise applications have poor levels of security because they believe that being behind the corporate firewall will protect them. This isn’t always the case.

We have also seen some innovative security solutions with partners such as AWS and SafeNet that allow for secure management of encryption keys even when deployed within Infrastructure-as-a-Service.

New security solutions are being developed all the time and being part of the CSA helps us evaluate and discuss them with other members.