- Leveraging the cloud introduces IT professionals to a new world that they are tasked with securing.
- With many cloud vendors proposing to share the security responsibility, it can be a challenge for organizations to develop a clear understanding of how they can best secure their data off premises.
Our Advice
Critical Insight
- Cloud security is not fundamentally different from security on premises.
- While some of the mechanics are different, the underlying principles are the same. Accountability doesn’t disappear.
- By virtue of its broad network accessibility, the cloud does expose decisions to extreme scrutiny, however.
Impact and Result
- The business is adopting a cloud environment and it must be secured, which includes:
- Ensuring business data cannot be leaked or stolen.
- Maintaining privacy of data and other information.
- Securing the network connection points.
- This blueprint and associated tools are scalable for all types of organizations within various industry sectors.
Build a Cloud Security Strategy Research & Tools
Start Here – read the Executive Brief
Read our concise Executive Brief to find out why you should build a cloud security strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.Besides the small introduction, subscribers and consulting clients within this management domain have access to:
- Build a Cloud Security Strategy – Phases 1-2
1. Explore security considerations for the cloud
Explore how the cloud changes the required controls and implementation strategies for a variety of different security domains.
- Build a Cloud Security Strategy – Phase 1: Explore Security Considerations for the Cloud
- Cloud Security Information Security Gap Analysis Tool
- Cloud Security Strategy Template
2. Prioritize initiatives and construct a roadmap
Develop your organizational approach to various domains of security in the cloud, considering the cloud’s unique risks and challenges.
- Build a Cloud Security Strategy – Phase 2: Prioritize Initiatives and Construct a Roadmap
Workshop: Build a Cloud Security Strategy
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
1 Define Your Approach
The Purpose
Define your unique approach to improving security in the cloud.
Key Benefits Achieved
An understanding of the organization’s requirements for cloud security.
Activities
1.1 Define your approach to cloud security.
1.2 Define your governance requirements.
1.3 Define your cloud security management requirements.
Outputs
Defined cloud security approach
Defined governance requirements
2 Respond to Cloud Security Challenges
The Purpose
Explore challenges posed by the cloud in various areas of security.
Key Benefits Achieved
An understanding of how the organization needs to evolve to combat the unique security challenges of the cloud.
Activities
2.1 Explore cloud asset management.
2.2 Explore cloud network security.
2.3 Explore cloud application security.
2.4 Explore log and event management.
2.5 Explore cloud incident response.
2.6 Explore cloud eDiscovery and forensics.
2.7 Explore cloud backup and recovery.
Outputs
Understanding of cloud security strategy components (cont.).
3 Build Cloud Security Roadmap
The Purpose
Identify initiatives to mitigate challenges posed by the cloud in various areas of security.
Key Benefits Achieved
A roadmap for improving security in the cloud.
Activities
3.1 Define tasks and initiatives.
3.2 Finalize your task list
3.3 Consolidate gap closure actions into initiatives.
3.4 Finalize initiative list.
3.5 Conduct a cost-benefit analysis.
3.6 Prioritize initiatives and construct a roadmap.
3.7 Create effort map.
3.8 Assign initiative execution waves.
3.9 Finalize prioritization.
3.10 Incorporate initiatives into a roadmap.
3.11 Schedule initiatives.
3.12 Review your results.
Outputs
Defined task list.
Cost-benefit analysis
Roadmap
Effort map
Initiative schedule