Cloud Security Governance Considerations for Organisations
20 April 2020 | Shivani Jariwala
However, cloud security is a primary concern due to loss, or perceived loss, of control. A survey conducted by the Cloud Security Alliance (CSA), "Challenges in Managing Security in Hybrid and Multi-Cloud Environments", identified potential disconnects and misinformation related to the importance of visibility into critical cloud resources. In particular, what levels of security experts are required when using cloud services? The vast majority of respondents (81%) expressed concerns about security when considering moving data to the cloud. Respondents’ concerns about data loss and leakage risks were also high (63% of respondents) when considering moving to the public cloud.
The reality is that the cloud, and its ever-growing set of services, is here, whether you have already adopted cloud services, are evaluating cloud options, or are still researching. To help, I have outlined some essential cloud governance recommendations that organisations should consider before adopting cloud.
An organisation’s cloud security strategy sets the tone for its security posture. With a solid plan based on the right guidance, organisations can confidently move forward, making sound business decisions, charting a direct course through migration, and reaping the many benefits the cloud offers. A distinct “cloud computing services” policy must be defined, outlining:
Existing policies, such as incident management and access control, must be updated to accommodate cloud services. New policies will also need to be developed for things like third-party outsourcing and external audits.
Governance for cloud is critical for both customers and cloud service providers (CSPs). This is especially important as organisations need to understand who will be managing the cloud and where assets are stored. The storage of confidential or ultrasensitive information could be at risk depending on the sovereign status and laws the storage facility must follow. Depending on the service model, control of various technology elements will shift from one party to another. The deployment model may define accountability and expectations. Cloud customers should review the sufficiency, maturity and consistency of a cloud service provider's governance, and collaborative governance should be considered where needed.
You must not assume that you can outsource the responsibility of compliance to the CSP. Compliance requirements need to be mapped by organisations. Contracts should include a number of well-defined specifications:
Responsibility for security must be considered a shared mandate throughout the organisation. Complex cloud environments are the new reality for organisations. Digital14 recommends that organisations address security requirements before adopting cloud technologies in order to create realistic and manageable network environments rather than simply putting out fires as they arise after deploying new technologies.