Accelerate Google Cloud Vendor Due Diligence By Leveraging Third Party Risk Management Providers

As organizations accelerate adoption of cloud services to deliver innovative solutions and experiences for their customers, risk and compliance teams are adjusting their due diligence programs to better understand and manage the risks associated with outsourcing of business critical workloads. At the core of these efforts is protecting sensitive data and applications in accordance with internal policies and best practices, while maintaining compliance with complex global regulatory requirements, frameworks, and guidelines. Cloud auditability, control monitoring, and continuous cloud risk assessment are prerequisites to building trust and regulator confidence in cloud services that underpin core business processes and apps. As a result, organizations are increasingly dedicating resources to perform comprehensive assessments of relevant cloud policies, processes, and technical implementations, and these resources are always looking for ways to increase breadth and depth of their provider risk assessments while optimizing the costs to the organization.

Here at Google Cloud we are committed to being the industry’s most trusted cloud and our Google Cybersecurity Action Team works closely with customers to help them meet their due diligence, risk management, and regulatory compliance needs. One way we help our customers scale and accelerate their cloud assessments is by collaborating with third party risk management (TPRM) providers. These organizations provide independent due diligence services and platforms to help automate vendor risk management based on the data they collect and provide. We enable the TPRM assessors to examine the controls present in our infrastructure and operations. Based on their observations and assessments, TPRM providers develop independent and unbiased audit reports that can be shared directly with customers.

Some of the benefits of TPRM solutions for Google Cloud customers include:

Comprehensive and regular assessments: TPRM providers perform periodic, multi-tier, multidimensional assessments of Google Cloud’s platform and services on a regular schedule. As part of these assessments, TPRM providers inspect hundreds of security, privacy, business continuity, and operational resiliency controls aligned with industry standards and regulations such as NIST SP 800-53, NIST CSF, ISO 27001, PCI-DSS, HIPAA, CMMC, SOC2, CSA STAR, etc. The information provided in these in-depth assessments help support Google Cloud customers’ own assessment processes that underpin their efforts to meet complex regulatory compliance requirements when managing data and applications in the cloud.

Efficient use of audit resources: TPRM providers facilitate an exchange of risk assessments between Google Cloud and our customers, customizing the reports to the customer’s compliance landscape. This helps streamline the vendor risk assessment process and decrease the regular effort required by both the customer as well as Google. By leveraging the broad scope and extensive fieldwork of these TPRM assessments, Google Cloud customers can accelerate their vendor due diligence and overall risk management processes.

Access to independent cloud audit expertise: TPRM solutions provide customers with audit assessments and reports that are fully independent of Google Cloud. Additionally, customers have the opportunity to discuss their cloud controls, risk posture, and audit practice with a third party, experienced in auditing public cloud providers.

Many Google Cloud customers already leverage the TPRM relationships we’ve established. Today, we work with industry leading TPRM providers such as CyberGRX, TruSight, and KY3P to deliver high-quality risk assessments for our customers globally. We are committed to continue to find effective, efficient solutions that can help customers meet customer risk management and regulatory compliance requirements. To learn more about Google Cloud Trust & Compliance, visit our Compliance resource center.

By: Rani Urbas (Head of Enterprise Trust, Google Cloud)
Source: Google Cloud Blog

Accelerate Google Cloud Vendor Due Diligence By Leveraging Third Party Risk Management Providers

Previous Women Techmakers Journey To Google Cloud Certification

Next Google Cloud Cortex Framework: Connect SAP Data Via Cloud Data Fusion

Suggested Posts

Get More Insights From Your Java Applications Logs

An Introduction To Generics

Five Do’s And Don’ts CSPs Should Know About Going Cloud-Native

Dell Technologies Telecom Solutions Simplify And Accelerate Modern, Open Network Deployments

Why More Companies Want Unified, Cloud-Based ERP And HCM

Cloudflare Equips Partners To Deliver Complete Zero Trust Solution With Cloudflare One Partner Program

How To Run Untrusted Containers In Kubernetes

Profile Layering For Helm Encourages Self Service For Kubernetes

Vodafone Partners With Oracle To Accelerate Technology Modernization On Oracle Cloud Infrastructure

Introducing GovSlack, A Digital HQ To Support Secure Government Work

State Of Observability 2022: Modernization Cannot Succeed Without Observability

New Bluetooth® LE Wireless MCUs Make High-Quality RF And Power Performance More Affordable

Accelerating ML With Vertex AI: From Retail And Finance To Manufacturing And Automotive

Reimagining AutoML With Google Research: Announcing Vertex AI Tabular Workflows

Getting Started With ML: 25+ Resources Recommended By Role And Task

Cloudflare Equips Partners To Deliver Complete Zero Trust Solution With Cloudflare One Partner Program

How To Run Untrusted Containers In Kubernetes

Profile Layering For Helm Encourages Self Service For Kubernetes

Vodafone Partners With Oracle To Accelerate Technology Modernization On Oracle Cloud Infrastructure

Introducing GovSlack, A Digital HQ To Support Secure Government Work

State Of Observability 2022: Modernization Cannot Succeed Without Observability

MENU

More Stories

Apple Announces The New iPhone SE: A Powerful Smartphone In An Iconic Design