Many executives have already considered the tools and automation necessary to move to the cloud. However, to do so safely, and to protect your data, you’ll need to take important additional steps as you get started in the cloud.
2. The cloud offers some stellar
advantages for your business:
- Flexibility
- Elasticity
- Utility billing
- Reduced time to market
3. You’re convinced, and yet you
don’t know what this means for
the security and risk exposure
of your business and its data.
4. Or what types of protection
requirements you’ll need to get.
5. Or who is responsible if your data
is vulnerable in the cloud.
6. Before we dive in with these six steps,
keep in mind two things:
1. Possibilities of new risks you may encounter
2. Extending what your security team is
already doing
7. Now you’re ready to dive in safely.
All you need to do is follow these steps.
14. To figure it out, you’ll need answers to these questions:
1. Where are resources multi-tenant or shared?
You’ll want to know how they provide isolation.
2. How do they screen their employees?
Think about it: Now your insider threat potential has increased.
3. How is deletion of data handled after decommissioning?
Your data needs to vanish completely afterwards.
15. Are you OK with multi-tenancy for your resources?
- Ask your cloud provider
- Look for their published controls online
17. What’s the business justification for a set of instances?
If you understand where it falls against your risk
tolerance, you can set the controls.
Make sure you know:
- Classification of data that will be stored
- What the risk profile will be
- How critical it is to your business process
19. 1. Inventory & configuration
2. Control access
3. Secure the network
4. Protect data
5. Set up monitoring
6. Adjust risk management
Set your controls in these steps:
21. 1. Inventory & configuration: Put your instances
into asset management, adjust and incorporate
into your change management process.
22. 2. Control access: Define the roles
and permissions – even for the
cloud account management.
23. 3. Secure the network: As you would on-premise,
partition the network into zones based on
sensitivity and function. Check if you need to
balance the load specific to your infrastructure.
24. 4. Data security: Often data moves over
non-private networks. Consider encryption,
secure connections and backup.
25. 5. Set up monitoring: Set your
controls specific to your level of risk.
26. 6. Plug into your risk management process:
Utilize eGRC, anti-malware and WAF.
Automation is your friend.
28. Extend your compliance requirements into the cloud.
Many regulations now have guidelines for operating in
the cloud. Privacy implications and where your data is
stored might affect your responsibility.
32. Think about your backup plan, so you can
safely transfer your data to a new provider.
33. Let’s recap the steps you need to take to
control your cloud-based information risks:
Step 1: Make sure you’re clear on who owns what responsibility
Step 2: Get clarity on your cloud provider’s control environment
Step 3: Get governance in order
Step 4: Translate and extend your controls from on-premise to
the cloud
Step 5: Handle compliance
Step 6: Think about continuity
34. With these six steps, you’ll soon be
swimming miles in the cloud.
35. No matter where your information assets live,
they need protection. Your security procedures need to
respond quickly to any threat.
Go to http://hubs.ly/H03YFvj0 and download our cloud
risk management cheat sheet for a quick rundown of the
typical ways that your risk management program could
fail and how to prevent this.