6 steps to getting started
in the cloud
The cloud offers some stellar
advantages for your business:
-	Flexibility
-	Elasticity
-	Utility billing
-	Reduced time to market
You’re convinced and yet you
don’t know what this means to
the security and risk exposure
of your business and its data.
Or what types of protection
requirements you’ll need to get.
Or who is responsible if your data
is vulnerable in the cloud.
Before we dive in with these six steps,
keep in mind two things:
1.	Possibilities of new risks you may encounter
2.	Extending what your security team is already doing
Now you’re ready to dive in safely.
All you need to do is follow these steps.
Step 1: Make sure you’re clear on who
owns what responsibility.
Security in the cloud is a shared
responsibility between you and your
provider. Where your responsibility lies
depends on your cloud type.
Sometimes it’s not clear who
is in charge of what security.
How do you figure that out?
-	Discuss with your cloud provider
-	Then spell it out in your cloud
services agreement
Step 2: Get clarity on your cloud
provider’s control environment
Don’t leave this to assumptions.
Get clear answers.
To figure it out, you’ll need answers to these questions:
1.	Where are resources multi-tenant or shared?
	 You’ll want to know how they provide isolation.
2.	How do they screen their employees?
	 Think about it: Now your insider threat potential has increased.
3.	How is deletion of data after decommission handled?
	 Your data needs to vanish completely afterwards.
Are you ok with multitenancy for your resources?
-	Ask your cloud provider
-	Look for their published controls online
Step 3: Get governance in order
What’s the business justification for a set of instances?
If you understand where it falls against your risk
tolerance, you can set the controls.
Make sure you know:
-	Classification of data that will be stored
-	What the risk profile will be
-	How critical it is to your business process
Step 4: Translate and extend your controls
from on-premise to the cloud
Set your controls in these steps:
1.	Inventory & configuration
2.	Control access
3.	Secure the network
4.	Protect data
5.	Set up monitoring
6.	Adjust risk management
Here’s how you set them up.
1. Inventory & configuration: Put your instances
into asset management, adjust and incorporate
into your change management process.
2. Control access: Define the roles
and permissions – even for the
cloud account management.
3. Secure the network: Like you would on
premise, partition out with zones based on
sensitivity and function. Check if you need to
balance the load specific to your infrastructure.
4. Data security: Often data moves over
non-private networks. Consider encryption,
secure connections and backup.
5. Set up monitoring: Set your
controls specific to your level of risk.
6. Plug into your risk management process:
Utilize eGRC, anti-malware and WAF.
Automation is your friend.
Step 5: Handle compliance
Extend your compliance requirements into the cloud.
Many regulations now have guidelines for operating in
the cloud. Privacy implications and where your data is
stored might affect your responsibility.
Step 6: Think about continuity
What will happen if you
need to switch vendors?
Or they get swallowed by a
whale and vanish?
Think about your backup plan, so you can
safely transfer your data to a new provider.
Let’s recap the steps you need to do for
controlling your cloud-based information risks:
Step 1: Make sure you’re clear on who owns what responsibility
Step 2: Get clarity on your cloud provider’s control environment
Step 3: Get governance in order
Step 4: Translate and extend your controls from on-premise to the cloud
Step 5: Handle compliance
Step 6: Think about continuity
With these six steps, you’ll soon be
swimming miles in the cloud.
No matter where your information assets live,
they need protection. Your security procedures need to
respond quickly to any threat.
Go to http://hubs.ly/H03YFvj0 and download our cloud
risk management cheat sheet for a quick rundown of the
typical ways that your risk management program could
fail and how to prevent this.
Justin Suissa
Principal
infoedge LLC
justin.suissa@infoedgellc.com
linkedin.com/in/jsuissa
About infoedge
infoedge helps you improve business strategy, accelerate innovation
and manage risk, so you can succeed in the information economy.
