Go or not go to cloud?
Cloud Security & #8211; See 10 principles and risks to consider that will help answer the question.
Every day we are armed with an avalanche of news and publicity about cloud computing. Although the theme has been well explored, with greater representation since 2008, when we began to closely monitor the emergence of this new service model, in Brazil there are still few companies that have decided to migrate to cloud computing. The reasons are many, ranging from insecurity regarding the protection of sensitive data and, most importantly, the lack of maturity in the governance of this new environment.
Migrating from traditional corporate IT governance to governance of this new business environment cloud - allowing data storage anywhere in the world and anytime & #8211; needs a redefinition of the control model, whether it is a public or private environment. Prior to this migration, you must have involved all areas of the business, including business, security, IT, risk, and more. And some questions need to be asked, such as what to take to cloud? What's from the provider and what's mine? What type of cloud is right for my corporation? It is necessary to make clear the obligations of suppliers and the rights of the contractor, all formalized in a legal contract. This is a way to ensure greater safety and reliability in service.
As happened years ago with the emergence of service outsourcing, cloud computing is nothing more than a outsoursing, by moving from an internal environment to an internet environment, which promises economy, flexibility, agility, scalability and availability. But achieving these benefits requires the company to have efficient and effective governance and controls tailored to the cloud environment.
Economics and scalability are the biggest draw for cloud computing. The ability to scale up and down the environment as needed, and reduce costs with infrastructure and technology abstraction, must be considered for cloud governance for greater control of the environment.
Information Security is even more important in the cloud, where it is necessary to have defined who has control of the information, who can share and, above all, have determined with the provider all the rules and laws applied to migrated data in order to control and audit what is being done within your environment. It is essential to be aware that data security is not only about controlling access, but also about ensuring a healthy and available environment.
Although theoretically widespread, cloud computing is still a maturing and reinventing technology with new functionality. Decision-making to migrate to this new service model must first pass through sensitive points of the company that reach all areas in creating a new governance model.
Cloud Security: See These Ten Considerations
1. Recovery and incident response in case of cloud loss;
2. Protection of cloud data and information, such as encryption, including from platform administrators;
3. Consider creating new metrics to assess the security of cloud assets and services;
4. Consider strategies for rolling back or migrating from cloud solution provider;
5. Consider data protection when testing production information such as masking;
6. Assess availability at peak service utilization;
7. Consider the security of intellectual property stored in the cloud, including the competitive advantages of each company (if the company is technology based);
8. Consider increasing criticality of cloud incidents;
9. Consider the provider's local laws and their rights and obligations in relation to the provider (lost profit, loss and damage, NDA);
10. Consider the evaluation of third parties, auditors and consultants, regarding good safety practices.
Make a diagnosis with SAFEWAY before making any decisions. More information on here