Exploring the Future of Cloud Vendor Security Assessments

Tuesday, May 02 | 1:00PM–2:30PM | Penrose 2, Lower Level 1
Session Type: Breakout Session
Delivery Format: Concurrent Session
As campuses deploy or identify cloud services in use, they need to ensure the cloud services are appropriately assessed. Many campuses have established a cloud security assessment methodology and have the resources to assess many of their cloud services, but few campuses have sufficient resources to assess all cloud services. A HEISC working group was formed with EDUCAUSE, Internet2, and REN-ISAC members to develop the Higher Education Cloud Vendor Assessment Tool (HECVAT), which was published in late 2016. Please join the creators of this tool to discuss goals for the HECVAT, how the tool was developed, and how to adopt the tool and integrate it into your institution's security assessment process. This is a deep dive/advanced level session.

Outcomes: Learn about the working group and how to participate in higher ed shared assessments * Learn about implementing the HECVAT at your institution * Gain insight into future efforts of the working group and how to contribute to them


  • Jon Allen

    Associate Vice President CIO & CISO, Baylor University
  • Charlie Escue

    Information Security Manager, Indiana University
  • Nick Lewis

    Program Manager, Security and Identity, Internet2
  • Mitch Parks

    Chief Information Security Officer, University of Idaho
  • Laura Raderman

    Policy and Compliance Coordinator, Carnegie Mellon University