6 Steps to Getting Started in the Cloud

Page 1: 6 Steps to Getting Started in the Cloud

6 steps to getting started in the cloud

The cloud offers some stellar advantages for your business:

- Flexibility
- Elasticity
- Utility billing
- Reduced time to market

You’re convinced, and yet you don’t know what this means for the security and risk exposure of your business and its data.

Or what types of protection requirements you’ll need to get.

Or who is responsible if your data is vulnerable in the cloud.

Before we dive in with these six steps, keep in mind two things:

1. Possibilities of new risks you may encounter
2. Extending what your security team is already doing

Now you’re ready to dive in safely. All you need to do is follow these steps.

Step 1: Make sure you’re clear on who owns what responsibility.

Security in the cloud is a shared responsibility between you and your provider. Where your responsibility lies depends on your cloud type.

Sometimes it’s not clear who is in charge of what security.

How do you figure that out?

- Discuss with your cloud provider
- Then spell it out in your cloud services agreement

Step 2: Get clarity on your cloud provider’s control environment

Don’t leave this to assumptions. Get clear answers.

To figure it out, you’ll need answers to these questions:

1. Where are resources multi-tenant or shared? You’ll want to know how they provide isolation.
2. How do they screen their employees? Think about it: Now your insider threat potential has increased.
3. How is deletion of data after decommission handled? Your data needs to vanish completely afterwards.

Are you OK with multitenancy for your resources?

- Ask your cloud provider
- Look for their published controls online

Step 3: Get governance in order

What’s the business justification for a set of instances? If you understand where it falls against your risk tolerance, you can set the controls.

Make sure you know:

- Classification of data that will be stored
- What the risk profile will be
- How critical it is to your business process

Step 4: Translate and extend your controls from on-premise to the cloud

Set your controls in these steps:

1. Inventory & configuration
2. Control access
3. Secure the network
4. Protect data
5. Set up monitoring
6. Adjust risk management

Here’s how you set them up.

1. Inventory & configuration: Put your instances into asset management, adjust and incorporate into your change management process.

2. Control access: Define the roles and permissions – even for the cloud account management.

3. Secure the network: Like you would on premise, partition out with zones based on sensitivity and function. Check if you need to balance the load specific to your infrastructure.

4. Data security: Often data moves over non-private networks. Consider encryption, secure connections and backup.

5. Set up monitoring: Set your controls specific to your level of risk.

6. Plug into your risk management process: Utilize eGRC, anti-malware and WAF. Automation is your friend.

Step 5: Handle compliance

Extend your compliance requirements into the cloud. Many regulations now have guidelines for operating in the cloud. Privacy implications and where your data is stored might affect your responsibility.

Step 6: Think about continuity

What will happen if you need to switch vendors?

Or they get swallowed by a whale and vanish?

Think about your backup plan, so you can safely transfer your data to a new provider.

Let’s recap the steps you need to do for controlling your cloud-based information risks:

- Step 1: Make sure you’re clear on who owns what responsibility
- Step 2: Get clarity on your cloud provider’s control environment
- Step 3: Get governance in order
- Step 4: Translate and extend your controls from on-premise to the cloud
- Step 5: Handle compliance
- Step 6: Think about continuity

With these six steps, you’ll soon be swimming miles in the cloud.

No matter where your information assets live, they need protection. Your security procedures need to respond quickly to any threat.

Go to http://hubs.ly/H03YFvj0 and download our cloud risk management cheat sheet for a quick rundown of the typical ways that your risk management program could fail and how to prevent this.

Justin Suissa, Principal, infoedge

About infoedge: infoedge helps you improve business strategy, accelerate innovation and manage risk, so you can succeed in the information economy.