Exploring the Future of Cloud Vendor Security Assessments

As campuses deploy or identify cloud services in use, they need to ensure the cloud services are appropriately assessed. Many campuses have established a cloud security assessment methodology and have the resources to assess many of their cloud services, but few campuses have sufficient resources to assess all cloud services. A HEISC working group was formed with EDUCAUSE, Internet2, and REN-ISAC members to develop the Higher Education Cloud Vendor Assessment Tool (HECVAT), which was published in late 2016. Please join the creators of this tool to discuss goals for the HECVAT, how the tool was developed, and how to adopt the tool and integrate it into your institution's security assessment process. This is a deep dive/advanced level session.

Outcomes: Learn about the working group and how to participate in higher ed shared assessments * Learn about implementing the HECVAT at your institution * Gain insight into future efforts of the working group and how to contribute to them