We feel that when adopting cloud services in an optimal situation the following aspects are considered:
Cloud service providers need to be trusted to let you confidently outsource your operations and to be able to leverage that trust for your own cloud solution for your customers. In order to be able gain that trust, the following areas need to be considered:
- Providers are auditable or audited providing the relevant transparency for the audits that have been performed to support sufficient due diligence.
- Security of the technology has been assessed for relevant issues.
- Contracts and legislation with providers support the required level of compliance.
People and Processes
Cloud processes need to be aligned with the business need; they are unambiguous yet agile. People understand the processes and are protected appropriately. To trust that these are handled accordingly the following aspects should be considered:
- A general cloud playbook based on strategy exists to facilitate cloud use and adoption.
- People are trained to understand acceptable cloud use and compliance requirements.
- Processes are audited for cloud use including service and user lifecycle and access rights.
Security spend for cloud services needs to be optimized based on relevant threats and risk level. The following measures can help ensure that the investments made on cloud security are not over- or under budgeted:
- Relevant threats are identified and quantified.
- Monitoring & log management provides information to justify investments beyond system availability.
- Services and security levels are classified by data requirements and system criticality.
People using cloud services need to see the benefits and trust that relevant security procedures are in place to support, not to inhibit cloud use. To ensure that the end users are adopting cloud services the following aspects should be considered:
- End users do not see security measures, or in case they do it creates trust that what they do is secure and compliant.
- Identity and access management help seamless cloud onboarding.
- End user experiences the benefits of the cloud and stands behind the delivery model.
Interested in learning more about how we can help you safely leverage the benefits of cloud? Please contact Eero Öster, Head of Cloud Transformation to discuss in more detail.