There’s an ongoing debate about when the term “cloud computing” first appeared. But there’s no debate about the cloud’s positive impact over the past decade. Whether discussing technology infrastructure, new data center needs, software as a service, disaster recovery, mobile app delivery or other aspects of future technology innovation, cloud computing is at the center of the conversation.
But security continues to top the list of cloud concerns. To prep for a recent online symposium on improving cloud security, I reviewed 2008 presentations from when I was Michigan’s CISO describing the good, the bad and the ugly in the cloud. Here were some of the bullets:
Do these topics sound familiar? We still struggle with the same challenges that were identified when we drew our first cloud architecture on a whiteboard. Meanwhile, the online threat situation has worsened, with relentless cyberattacks continually moving the “secure” target for even the best cloud providers.
How can you address concerns and drive greater cloud adoption? How can we get to those cost-saving and service delivery benefits, while minimizing risk?
I offer five recommendations to reduce your risk of data loss in the cloud.
1. Perform an enterprise cloud risk assessment. This process focuses on your cloud applications and on finding out where data is being stored. The goal? Develop an “as is” cloud assessment. What’s really happening now?
2. Business requirements specification and gap analysis. This step maps what you know about business compliance needs (like PCI, HIPAA and tax data) against what’s actually happening on your network.
3. Build a plan to address “shadow IT.” This step pulls together data from steps one and two to produce an action plan that brings strategic results. Include legal, procurement and security specialists. There are companies that can help you through this planning and remediation process.
4. Choose a cloud framework to implement. This recommendation is independent of the first three. Here are two options:
5. Examine and implement cloud best practices.
A final thought: Frederick the Great of Prussia once said, “He who defends everything defends nothing.”
We’ll never finish securing the entire cloud. (We’ll always have new online threats and vulnerabilities.) Your goal is to build resilience into your cloud situation and know what to do if an incident occurs with your data.