Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Secure Cloud Adoption - Checklist


Published on

An approach to cloud adoption is a secure way. As security is a major concern for many organisations adopting cloud services, this is a way of starting the cloud adoption security strategy in a cost effective way. Basically leveraging existing standards and approaches.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Secure Cloud Adoption - Checklist

  1. 1. Your game plan for secure cloud adoption Migrating to the cloud securely needn’t be complicated. By following ten simple steps before engaging cloud service providers (CSPs) you can take a clear-headed approach to migration and avoid becoming bogged down in detail. Next month at CSA Congress EMEA 2015, I’ll be explaining how to develop a winning cloud adoption game plan in detail and the checklist below highlights the key points forming the basis of my presentation. These ten steps will help you define your adoption strategy, highlight key require- ments and make the right decisions about processes and business and technical controls. Read on to discover if your organisation is match-fit for cloud adoption. Simplified Security for Cloud Adoption - Define your game plan Information Assurance Consulting Services Scope Start by determining the scope of the task ahead. Identify the sys- tems and applications you want to migrate to the cloud and the practical implications of doing so. This will form the basis of your strategy and help you focus on priorities. 01 Why? Ask yourself why you’re migrating your chosen ap- plication or systems to the cloud and stop to sense- check your decisions. We recommend a maximum of five key objectives. 02 Why not? List your top five concerns in relation to the objectives you’ve chosen. It’s likely these will be predominately security-related, but also consider factors such as availability, cost of migration, and additional resource needed. 03 Review Review steps 1 to 3 and ensure the objectives and concerns you’ve examined are directly relevant to the project scope. This will help you retain focus on what’s critical to your organisation. 04
  2. 2. Assess criticality Next, assess the criticality of your assets. We recom- mend implementing a 1 to 3 score based on low, medium or high criticality, then assigning it at an ap- plication estate level. This will enable you to cate- gorise assets in batches. For example, a market analysis application estate might include fifteen individual assets, all of which can be covered by assigning them the same level of criticality. 05 Engage and demand Now you’ve got a game plan, you’re ready to kick-off your cloud migra- tion. Equipped with the knowledge gained over the course of this process, you’re prepared to engage cloud service providers and demand the technical and process controls that are right for your organisation. 10 Choose solutions Next, match specific controls to your requirement. Not all of these will be technical and you may be able to overcome challenges with existing or new processes. Equally, new hires may be necessary. Before investing in people or technology, ensure these will enable you to deliver the spe- cific benefits identified within the scope of your project. 09 Define requirements Define your key security requirements based on the output of the threat modelling you’ve conducted. Firstly, ensure you can mitigate the 80% of generic security risks, but concentrate time and re- sources on guarding against the 20% of cloud-specific threats. 08 06 Apply the 80 / 20 Principle It’s likely that 80% of your risk is generic across your estate and therefore, as all assets have the same criticality, they should be treated similarly. The remaining 20% is specific and bespoke to your cloud migration and requires more time and effort. By segmenting your assets into these two groups and applying the same level of security to each, you can safeguard all of your assets efficient- ly and cost-effectively. 07 Threat modelling By identifying the specific threats other organisations in your sector or industry have faced, you can define the right type of counter measures to protect your organisation. The Cloud Security Alliance, PwC and Verizon all publish reliable, industry-specific research on a regular basis, providing you with a robust starting point for threat modelling. Your game plan for secure cloud adoption. Simplified Security for Cloud Adoption - Define your game plan Learn how to implement these steps effectively by attending my presentation at CSA Congress EMEA 2015 on 17 November. I’ll be speaking at 14:00 during Track 2: Strategies, Governance, Risk Management.