Trial lock

This Research is for Members Only

Not a member? Unlock a free sample of our research now!

Already a member?

Sign in now

Security icon

Ensure Cloud Security in IaaS, PaaS, and SaaS Environments

Keep your information security risks manageable when leveraging the benefits of cloud computing.

Unlock a Free Sample

View Storyboard

Solution Set Storyboard Thumbnail

Contributors

  • Paul Stillwell, Independent Security Consultant
  • Steven Woodward, CEO and Founder, Cloud Perspectives
  • Michel Fosse, Senior Consultant and Consulting Services Manager, LGS (an IBM Company)
  • John Lamboy, CIO/CISO, eKohs and EPSG

Your Challenge

  • Security remains a large impediment to realizing cloud benefits. Numerous concerns still exist around the ability for data privacy, confidentiality, and integrity to be maintained in a cloud environment.
  • Even if adoption is agreed upon, it becomes hard to evaluate vendors that have strong security offerings and even harder to utilize security controls that are internally deployed in the cloud environment.

Our Advice

Critical Insight

  • The cloud can be secure despite unique security threats.
  • Securing a cloud environment is a balancing act of who is responsible for meeting specific security requirements.
  • Most security challenges and concerns can be minimized through our structured process (CAGI) of selecting a trusted cloud security provider (CSP) partner.

Impact and Result

  • The business is adopting a cloud environment and it must be secured, which includes:
    • Ensuring business data cannot be leaked or stolen.
    • Maintaining privacy of data and other information.
    • Securing the network connection points.
  • Determine your balancing act between yourself and your CSP; through contractual and configuration requirements, determine what security requirements your CSP can meet and cover the rest through internal deployment.
  • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should prioritize security in the cloud, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

1. Determine your cloud risk profile

Determine your organization’s rationale for cloud adoption and what that means for your security obligations.

2. Identify your cloud security requirements

Use the Cloud Security CAGI Tool to perform four unique assessments that will be used to identify secure cloud vendors.

4. Implement your secure cloud program

Turn your security requirements into specific tasks and develop your implementation roadmap.

5. Build a cloud security governance program

Build the organizational structure of your cloud security governance program.

Guided Implementations

This guided implementation is a five call advisory process.

Guided Implementation #1 - Determine your cloud risk profile

Call #1 - Discuss risk profile of organization.

Guided Implementation #2 - Identify your cloud security requirements

Call #1 - Walk through completion of assessments.

Guided Implementation #3 - Evaluate vendors from a security perspective

Call #1 - Get ready to approach the right vendors the right way.

Guided Implementation #4 - Implement your secure cloud program

Call #1 - Build an implementation roadmap and communication lines.

Guided Implementation #5 - Build a cloud security governance program

Call #1 - Plan out and create a governance program.