Securing the cloud
Considering a new model for managing risk
key fact
Using cloud services means that corporate data will be managed by a third-party provider, while the ownership of, and accountability for, the security of that data remains with the organisation itself.
This white paper explains how the move to the cloud can be at odds with traditional forms of information security management, which relies on direct ownership of data in order to be able to control the confidentiality, integrity and availability of information being stored and used.
Using cloud services means that corporate data will be managed by a third-party provider, while the ownership of, and accountability for, the security of that data remains with the organisation itself. This means that organisations need to adopt a different approach to information security management.
The paper goes on to look at the five key questions that IT teams need to ask when sourcing cloud-based products, covering:
- data classification
- identity and access management
- encryption
- shared vulnerabilities
- incident response.
Making sure that information security requirements are addressed right at the start of any cloud adoption process, and ensuring that reputable cloud providers with the relevant accreditations and certifications are selected, will allow businesses to reap the benefits of cloud while minimising risk.
Key Points
- Highlighting the impact of the move away from direct ownership of data
- Explaining the subsequent changes required to security models
- Working through five key questions that all businesses should consider when migrating to cloud-based services