Cloud computing projects are a top priority for organizations going into the New Year. So what do these organizations need to begin scoping these projects and keep Security at their forefront?
Start with the basics. It sounds cliché but the most common mistakes that we see in the industry is extreme focus on the potential cost savings promised by hosting providers and managed services to the detriment of security posture and proper controls. These providers often provide a false sense of security by providing reams of ISO, SSAE, SOC, & other certification documents. Thus, assuring their customers that their data is safe in an impenetrable virtual fortress, protected by a long list of the latest technologies and security buzzwords thrown in for good measure.
What could go wrong? Plenty…
Before you make the decision to commit your company to what may ultimately become the biggest mistake in your IT career, make sure you have all the facts in hand and have comprehensively reviewed the true impacts to your organization which may include hidden costs which you have never considered.
- Do you have a well maintained inventory of the computing platforms and applications which are being targeted for potential hosting off site or transition to SAAS?
- Do you have a fully documented understanding of the trust relationships and data flow between these computing platforms or applications and end users, applications or computing platforms which will continue to reside within your enterprise, and all other systems or users?
- Do you have a complete inventory of all your data, its sensitivity, and any associated data protection obligations which must be maintained to meet your corporate obligations for regulatory, legislative, or contractual compliance?
- Do you have a plan to validate the security controls offered by your “cloud” provider using an independent and unbiased 3rd party?
- Do you have a plan to handle the worst case scenario, minimize the damage, and recover from it?
- Would you even know if it happened?
To learn more on how to help address your security challenges as you begin or continue your journey to the cloud please reach out to us!