Security for Cloud

The benefits of cloud are widely discussed and organizations are adopting more cloud services for a variety of workloads across all industries and sectors. However, this delivery model also brings forth new risks that need to be handled accordingly. Often these risks are either neglected resulting in a reduced level of cybersecurity, mitigated in a fashion that is not optimally cost-efficient, or overemphasized resulting in no cloud adoption just in case.

We feel that when adopting cloud services in an optimal situation the following aspects are considered:

Cloud Providers

Cloud service providers need to be trusted to let you confidently outsource your operations and to be able to leverage that trust for your own cloud solution for your customers. In order to be able gain that trust, the following areas need to be considered:

  • Providers are auditable or audited providing the relevant transparency for the audits that have been performed to support sufficient due diligence.
  • Security of the technology has been assessed for relevant issues.
  • Contracts and legislation with providers support the required level of compliance.

People and Processes

Cloud processes need to be aligned with the business need; they are unambiguous yet agile. People understand the processes and are protected appropriately. To trust that these are handled accordingly the following aspects should be considered:

  • A general cloud playbook based on strategy exists to facilitate cloud use and adoption.
  • People are trained to understand acceptable cloud use and compliance requirements.
  • Processes are audited for cloud use including service and user lifecycle and access rights.

Security Spend

Security spend for cloud services needs to be optimized based on relevant threats and risk level. The following measures can help ensure that the investments made on cloud security are not over- or under budgeted:

  • Relevant threats are identified and quantified.
  • Monitoring & log management provides information to justify investments beyond system availability.
  • Services and security levels are classified by data requirements and system criticality.

End Users

People using cloud services need to see the benefits and trust that relevant security procedures are in place to support, not to inhibit cloud use. To ensure that the end users are adopting cloud services the following aspects should be considered:  

  • End users do not see security measures, or in case they do it creates trust that what they do is secure and compliant.
  • Identity and access management help seamless cloud onboarding.
  • End user experiences the benefits of the cloud and stands behind the delivery model.

Interested in learning more about how we can help you safely leverage the benefits of cloud? Please contact Eero Öster, Head of Cloud Transformation to discuss in more detail.