Not all clouds are equal
It’s important to remember there are several different types of cloud – private, public, community or hybrid. The approach chosen has the biggest single impact on the level of risk and its manageability.
Location is everything
Knowing where data will reside is essential as the location has a significant impact on its privacy and confidentiality, as well as the legal obligations of those who process and store the data, given the varying regulatory frameworks in place in different legal jurisdictions.
One size does not fit all
By identifying and classifying data, organizations can consider the most appropriate location in which to store particular information. For instance, if it’s too sensitive for a public cloud, a private cloud may prove a secure and viable alternative.
Join the dots
Many of the risks associated with the cloud come about as a result of inadequate service integration. Organizations need to ensure cloud services are effectively joined up – both with one another and with inhouse systems and business services. It’s also worth considering an access-control approach that incorporates and integrates in-house, outsourced and cloud systems.
The burden of compliance
Whilst organizations using cloud services remain responsible for the security and integrity of their own data, to comply with regulations it’s important to ensure the relevant regulatory, corporate, industry or other standards apply (legally or contractually) to the provider.
Who can you trust?
Evaluate the long-term viability of the cloud provider. Remember it may not just be your data at stake but your reputation, so it pays to work with a trusted partner.
Request your copy of The White Book of Cloud Security.