Manage Risk, Maximize Opportunity: Internet2 NET+ Coordinates Effort to Evaluate Vendor Risk Management Services for Cloud 

By Nick Lewis - Internet2 Program Manager

Estimated reading time: 4 minutes

The R&E Cloud Management Challenge

Based on discussions with different stakeholders in the community, we’ve observed that institutions execute cloud vendor risk management differently and use various terms to describe this activity, such as vendor management, contract management, procurement management, governance, IT GRC, etc. However, all these approaches have similar goals associated with enterprise risk management. 

Not only does cloud vendor risk management have a wide variety of names and approaches at institutions, it also has a long list of stakeholders. Included in the stakeholders are the information security, procurement, access management, and IT accessibility staff on campuses. Getting all campus stakeholders together to manage cloud services is key to how Internet2 NET+ operates when completing a service evaluation. One of the goals for this service evaluation is to help institutions scale their cloud vendor risk management to thousands of cloud services.   

How You Can Help: Working Together to Build a Solution

We believe the best solutions for meeting community needs are achieved by bringing our talented community together. Let us know if you’re working on an effort like this on your campus or if your campus already has a tool like this. 

We invite Internet2 members and other R&E institutions interested in participating in the service evaluation to email Nick Lewis, program manager for cloud security services, by May 26, 2023. We will kick off the service evaluation shortly thereafter.

Service Providers or other community organizations interested in participating in this effort may contact Tara Gyenis, program development manager for cloud services, to discuss opportunities to get engaged. Please be advised that we intend to issue a Request for Proposals as part of this service evaluation. In the meantime, we invite providers to participate in the Internet2 Cloud Scorecard Directory to support the community and help build awareness.

We’ll be at the EDUCAUSE Cybersecurity and Privacy Professionals Conference, May 1-3, and the Internet2 Community Exchange, May 8-12 to engage with the community to get additional feedback and direction. Let us know if you’re going to be there, and we can talk! 

About Service Evaluations and the NET+ Program

The goal of the NET+ service evaluation process is to develop use cases and requirements for a provider to meet common needs. We then vet service providers to ensure they meet shared community needs and negotiate business models and contracts to support the acquisition of the service. 

This new service evaluation is part of an ongoing effort to leverage community scale to solve common challenges. The Internet2 NET+ program engages our community stakeholder groups around ways to meet the existing and emerging needs of the research and education community. It’s why we recently added a cloud infrastructure management offering, Kion, to the NET+ portfolio, launched the Cloud Scorecard to provide a baseline view of how services meet these standards, and continue to support efforts around the HECVAT to maintain a common security assessment tool. 

Learn more about the Internet2 NET+ Program:

• Download the NET+ Guide
• Schedule a Q&A to Learn More