Security icon

Build a Cloud Security Strategy

Secure the cloud by considering its unique challenges.

Get Instant Access
to this Blueprint

Contributors

  • Yvon Day, Asset Management Consultant, BDC
  • Christopher Odediran, Head of IT Asset Management, Mott Macdonald
  • Tammy Krauthammer, VP of Technology, LPL Financial
  • Luz Cervantes, IT Asset Manager, Northgate Markets
  • Leveraging the cloud introduces IT professionals to a new world that they are tasked with securing.
  • With many cloud vendors proposing to share the security responsibility, it can be a challenge for organizations to develop a clear understanding of how they can best secure their data off premises.

Our Advice

Critical Insight

  • Cloud security is not fundamentally different from security on premises.
  • While some of the mechanics are different, the underlying principles are the same. Accountability doesn’t disappear.
  • By virtue of its broad network accessibility, the cloud does expose decisions to extreme scrutiny, however.

Impact and Result

  • The business is adopting a cloud environment and it must be secured, which includes:
    • Ensuring business data cannot be leaked or stolen.
    • Maintaining privacy of data and other information.
    • Securing the network connection points.
  • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

Research & Tools

Start Here – read the Executive Brief

Read our concise Executive Brief to find out why you should build a cloud security strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Explore security considerations for the cloud

Explore how the cloud changes the required controls and implementation strategies for a variety of different security domains.

2. Prioritize initiatives and construct a roadmap

Develop your organizational approach to various domains of security in the cloud, considering the cloud’s unique risks and challenges.

Guided Implementations

This guided implementation is a seven call advisory process.

Guided Implementation #1 - Explore security considerations for the cloud

Call #1 - Scope requirements, objectives, and your specific challenges.
Call #2 - Review cloud considerations for security controls.
Call #3 - Discuss security implications of cloud service models.
Call #4 - Finalize list of initiatives for securing the cloud.

Guided Implementation #2 - Prioritize initiatives and construct a roadmap

Call #1 - Prioritize initiatives identified in Phase 1.
Call #2 - Build execution waves and introduce Gantt chart.
Call #3 - Finalize roadmap and discuss next steps.

Onsite Workshop

Unlock This Blueprint

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define Your Approach

The Purpose

Define your unique approach to improving security in the cloud.

Key Benefits Achieved

An understanding of the organization’s requirements for cloud security.

Activities

Outputs

1.1

Define your approach to cloud security.

  • Defined cloud security approach
1.2

Define your governance requirements.

  • Defined governance requirements
1.3

Define your cloud security management requirements.

Module 2: Respond to Cloud Security Challenges

The Purpose

Explore challenges posed by the cloud in various areas of security.

Key Benefits Achieved

An understanding of how the organization needs to evolve to combat the unique security challenges of the cloud.

Activities

Outputs

2.1

Explore cloud asset management.

2.2

Explore cloud network security.

2.3

Explore cloud application security.

2.4

Explore log and event management.

2.5

Explore cloud incident response.

2.6

Explore cloud eDiscovery and forensics.

2.7

Explore cloud backup and recovery.

  • Understanding of cloud security strategy components (cont.).

Module 3: Build Cloud Security Roadmap

The Purpose

Identify initiatives to mitigate challenges posed by the cloud in various areas of security.

Key Benefits Achieved

A roadmap for improving security in the cloud.

Activities

Outputs

3.1

Define tasks and initiatives.

3.2

Finalize your task list

  • Defined task list.
3.3

Consolidate gap closure actions into initiatives.

3.4

Finalize initiative list.

3.5

Conduct a cost-benefit analysis.

  • Cost-benefit analysis
3.6

Prioritize initiatives and construct a roadmap.

  • Roadmap
3.7

Create effort map.

  • Effort map
3.8

Assign initiative execution waves.

3.9

Finalize prioritization.

3.10

Incorporate initiatives into a roadmap.

3.11

Schedule initiatives.

  • Initiative schedule
3.12

Review your results.

Member Testimonials

Unlock Sample Research

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

Client

Experience

Impact

$ Saved

Days Saved

Renown Health

Guided Implementation

10/10

$62,810

47

BDO Digital, LLC

Guided Implementation

9/10

N/A

2

Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019