- Paul Stillwell, Independent Security Consultant
- Steven Woodward, CEO and Founder, Cloud Perspectives
- Michel Fosse, Senior Consultant and Consulting Services Manager, LGS (an IBM Company)
- John Lamboy, CIO/CISO, eKohs and EPSG
- Security remains a large impediment to realizing cloud benefits. Numerous concerns still exist around the ability for data privacy, confidentiality, and integrity to be maintained in a cloud environment.
- Even if adoption is agreed upon, it becomes hard to evaluate vendors that have strong security offerings and even harder to utilize security controls that are internally deployed in the cloud environment.
- The cloud can be secure despite unique security threats.
- Securing a cloud environment is a balancing act of who is responsible for meeting specific security requirements.
- Most security challenges and concerns can be minimized through our structured process (CAGI) of selecting a trusted cloud security provider (CSP) partner.
Impact and Result
- The business is adopting a cloud environment and it must be secured, which includes:
- Ensuring business data cannot be leaked or stolen.
- Maintaining privacy of data and other information.
- Securing the network connection points.
- Determine your balancing act between yourself and your CSP; through contractual and configuration requirements, determine what security requirements your CSP can meet and cover the rest through internal deployment.
- This blueprint and associated tools are scalable for all types of organizations within various industry sectors.
This guided implementation is a five call advisory process.
Guided Implementation #1 - Determine your cloud risk profile
Call #1 - Discuss risk profile of organization.
Guided Implementation #2 - Identify your cloud security requirements
Call #1 - Walk through completion of assessments.
Guided Implementation #3 - Evaluate vendors from a security perspective
Call #1 - Get ready to approach the right vendors the right way.
Guided Implementation #4 - Implement your secure cloud program
Call #1 - Build an implementation roadmap and communication lines.
Guided Implementation #5 - Build a cloud security governance program