Manage Risk, Maximize Opportunity: Internet2 NET+ Coordinates Effort to Evaluate Vendor Risk Management Services for Cloud
By Nick Lewis - Internet2 Program Manager
Estimated reading time: 4 minutes
Many institutions realize and have expressed the need for additional governance and coordination to manage risk more effectively and better utilize cloud services.
Based on community feedback, we are excited to share plans to convene a NET+ service evaluation, engaging with the HECVAT team along with EDUCAUSE and REN-ISAC, to identify a service provider that will offer cloud vendor risk management tools that support shared security assessments for the research and education (R&E) community.
Collaborate to Create a Better CloudInternet2 members and other research and education (R&E) institutions are encouraged to sign up for a service evaluation in the cloud vendor risk management program. Please email Nick Lewis, program manager for cloud security services, to participate.
Service providers or other community organizations interested in the program may contact Tara Gyenis, program development manager for cloud services.
The R&E Cloud Management Challenge
Based on discussions with different stakeholders in the community, we’ve observed that institutions execute cloud vendor risk management differently and use various terms to describe this activity, such as vendor management, contract management, procurement management, governance, IT GRC, etc. However, all these approaches have similar goals associated with enterprise risk management.
Not only does cloud vendor risk management have a wide variety of names and approaches at institutions, it also has a long list of stakeholders. Included in the stakeholders are the information security, procurement, access management, and IT accessibility staff on campuses. Getting all campus stakeholders together to manage cloud services is key to how Internet2 NET+ operates when completing a service evaluation. One of the goals for this service evaluation is to help institutions scale their cloud vendor risk management to thousands of cloud services.
How You Can Help: Working Together to Build a Solution
We believe the best solutions for meeting community needs are achieved by bringing our talented community together. Let us know if you’re working on an effort like this on your campus or if your campus already has a tool like this.
We invite Internet2 members and other R&E institutions interested in participating in the service evaluation to email Nick Lewis, program manager for cloud security services, by May 26, 2023. We will kick off the service evaluation shortly thereafter.
Service Providers or other community organizations interested in participating in this effort may contact Tara Gyenis, program development manager for cloud services, to discuss opportunities to get engaged. Please be advised that we intend to issue a Request for Proposals as part of this service evaluation. In the meantime, we invite providers to participate in the Internet2 Cloud Scorecard Directory to support the community and help build awareness.
We’ll be at the EDUCAUSE Cybersecurity and Privacy Professionals Conference, May 1-3, and the Internet2 Community Exchange, May 8-12 to engage with the community to get additional feedback and direction. Let us know if you’re going to be there, and we can talk!
About Service Evaluations and the NET+ Program
The goal of the NET+ service evaluation process is to develop use cases and requirements for a provider to meet common needs. We then vet service providers to ensure they meet shared community needs and negotiate business models and contracts to support the acquisition of the service.
This new service evaluation is part of an ongoing effort to leverage community scale to solve common challenges. The Internet2 NET+ program engages our community stakeholder groups around ways to meet the existing and emerging needs of the research and education community. It’s why we recently added a cloud infrastructure management offering, Kion, to the NET+ portfolio, launched the Cloud Scorecard to provide a baseline view of how services meet these standards, and continue to support efforts around the HECVAT to maintain a common security assessment tool.
Learn more about the Internet2 NET+ Program: