There is a confusing jungle of advice on the risks of cloud computing and how to manage these risks. This guide provides the top tips for negotiating and assuring cloud services.
1. Remember it’s just another way to obtain an IT service
The cloud offers an alternative way of obtaining IT services and, for most organizations, will form just part of the overall IT service infrastructure. It needs to be considered together with other alternatives using standard criteria such as risk, security and efficiency. Good IT governance is the best way to manage, secure, integrate, orchestrate and assure services from diverse sources in a consistent and effective way.
2. Understand the business needs
Understand the business requirements for the cloud service – the needs for cost, compliance and security follow directly from these. There is no absolute assurance level for a cloud service – it needs to be as secure, compliant and cost effective as dictated by the business needs – no more and no less.
3. Adopt the best practices
Adopt one or more of the frameworks or industry standards for IT governance and security management that are available. These represent the combined knowledge and experience of the best brains in the industry. However, be selective as not everything will apply to your organization. Whatever standards or frameworks you choose, select a CSP (cloud service provider) that conforms to them.
4. Classify data and applications
The needs for security and compliance depend upon the kind of data being moved into the cloud as well as its sensitivity. The most important step is to classify this data and any applications in terms of their sensitivity and regulatory requirements. This helps the procurement process by setting many of the major parameters for the cloud service and the needs for monitoring and assurance.
5. Adopt a standard process for selecting cloud services
Set up a standard process for selecting cloud services that enables fast, simple, reliable, standardized, risk-oriented and comprehensive selection of cloud service providers. Without this, there will be a temptation for lines of business to acquire cloud services directly without fully considering the needs for security, compliance and assurance.