Cloud computing promises incredible benefits to an enterprise in terms of speed, flexibility, agility and cost. As the need to share data over vast networks outside the business’s perimeter raise, businesses today are faced with big questions: Who has access to data? How can you control it? How can you get users to trust the services they interact with?
Organizations like Cloud Security Alliance (CSA), and such other service providers are working towards putting standards, specifications, and protocols in place for cloud computing., with an agenda to improve governance, simplify interoperability, and enforce security controls. Though a lot of progress has been made, there’s a lot left to do. However, tohelp you avoid falling into the pitfalls enterprises do today, we thought we’ll list out 3 best practices you could start following from today.
Firstly, conduct a comprehensive risk assessment before you contract with any cloud provider. Look not just at the provider’s security and compliance activities, but also at how stringent their policy applications to their subcontractors are. Study how easily you can migrate your data to another platform at the end of a contract, and how likely the provider is to drop offline or go bankrupt. Cloud standards organizations have already published frameworks and benchmarks you can use to conduct your assessment.
Secondly, learn how your own security works in a cloud environment. Ask yourself how comprehensive your existing security capability is. Can you adequately protect your data and your user identities beyond the perimeter? Have you considered employing vital techniques like authentication and encryption?
Thirdly, implement a strong ongoing governance framework. Gather relevant information from providers and from your own systems, and monitor security events and compliance with internationally accepted best-practices. Check if your providers are continually fulfilling their SLAs and contracted obligations. Lastly, plan as to how you’ll respond to and remediate problems.
However this three-part framework is bound to serve you well, there is a fourth stage recommend, too, which is nothing but cloud security. It’s a demanding and exciting time, and your input can help shape the future.
Jagadeesh is a former Happiest Mind and this content was created and published during his tenure.
