6 Steps to Getting Started in the Cloud


The cloud offers some stellar advantages for your business:

- Flexibility
- Elasticity
- Utility billing
- Reduced time to market

You’re convinced, and yet you don’t know what this means for the security and risk exposure of your business and its data.

Or what types of protection requirements you’ll need to get.

Or who is responsible if your data is vulnerable in the cloud.

Before we dive in with these six steps, keep in mind two things:

1. Possibilities of new risks you may encounter
2. Extending what your security team is already doing

Now you’re ready to dive in safely. All you need to do is follow these steps.

Step 1: Make sure you’re clear on who owns what responsibility

Security in the cloud is a shared responsibility between you and your provider. Where your responsibility lies depends on your cloud type.

Sometimes it’s not clear who is in charge of what security.

How do you figure that out?

- Discuss with your cloud provider
- Then spell it out in your cloud services agreement

Step 2: Get clarity on your cloud provider’s control environment

Don’t leave this to assumptions. Get clear answers.

To figure it out, you’ll need answers to these questions:

1. Where are resources multi-tenant or shared? You’ll want to know how they provide isolation.
2. How do they screen their employees? Think about it: now your insider threat potential has increased.
3. How is deletion of data after decommission handled? Your data needs to vanish completely afterwards.

Are you ok with multitenancy for your resources?

- Ask your cloud provider
- Look for their published controls online

Step 3: Get governance in order

What’s the business justification for a set of instances? If you understand where it falls against your risk tolerance, you can set the controls.

Make sure you know:

- The classification of data that will be stored
- What the risk profile will be
- How critical it is to your business process

Step 4: Translate and extend your controls from on-premise to the cloud

Set your controls in these steps:

1. Inventory & configuration
2. Control access
3. Secure the network
4. Protect data
5. Set up monitoring
6. Adjust risk management

Here’s how you set them up.

1. Inventory & configuration: Put your instances into asset management, adjust and incorporate into your change management process.

2. Control access: Define the roles and permissions – even for the cloud account management.

3. Secure the network: Like you would on premise, partition out with zones based on sensitivity and function. Check if you need to balance the load specific to your infrastructure.

4. Data security: Often data moves over non-private networks. Consider encryption, secure connections and backup.

5. Set up monitoring: Set your controls specific to your level of risk.

6. Plug into your risk management process: Utilize eGRC, anti-malware and WAF. Automation is your friend.

Step 5: Handle compliance

Extend your compliance requirements into the cloud. Many regulations now have guidelines for operating in the cloud. Privacy implications and where your data is stored might affect your responsibility.

Step 6: Think about continuity

What will happen if you need to switch vendors?

Or they get swallowed by a whale and vanish?

Think about your backup plan, so you can safely transfer your data to a new provider.

Let’s recap the steps you need to do for controlling your cloud-based information risks:

Step 1: Make sure you’re clear on who owns what responsibility
Step 2: Get clarity on your cloud provider’s control environment
Step 3: Get governance in order
Step 4: Translate and extend your controls from on-premise to the cloud
Step 5: Handle compliance
Step 6: Think about continuity

With these six steps, you’ll soon be swimming miles in the cloud.

No matter where your information assets live, they need protection. Your security procedures need to respond quickly to any threat.

Go to http://hubs.ly/H03YFvj0 and download our cloud risk management cheat sheet for a quick rundown of the typical ways that your risk management program could fail and how to prevent this.

Justin Suissa
Principal
infoedge LLC
justin.suissa@infoedgellc.com
linkedin.com/in/jsuissa

About infoedge

infoedge helps you improve business strategy, accelerate innovation and manage risk, so you can succeed in the information economy.
