Laying the foundational requirements for cloud security
Cloud operations are now integrated into all kinds of organizations as both standard and critical services. Yet this ubiquitous service consumption option comes with plenty of reasonable and rational security concerns, and responsible organizations must get out in front of them to handle them effectively.
But how? Kevin L. Jackson—CEO of CC Globalnet, a globally recognized cloud computing thought leader, and an (ISC)2 Certified Cloud Security Professional instructor—delves into the actions for keeping data safe in the cloud. The foundational element for achieving cloud data security, perhaps the one single secret to keeping cloud deployment secure, is to clearly document the organization’s overall cloud security requirements.
“To begin with, cloud security requires you to look at all aspects of the cloud, both single cloud and multiple cloud,” Kevin says.
He splits the braided issues of cloud security requirements into four distinct threads, all of which an organization can use to take direct action:
1. Examine the roles and responsibilities of the cloud service provider (CSP), the organization, and any third party that has access to the organization’s data, and check them for compatibility.
“The key driver should be your business data management policies,” Kevin says. After all, when a company chooses to partner with (and rely on) a particular CSP, the organization ultimately agrees to manage its own data in accordance with that CSP’s policies and procedures—not the organization’s own. Third parties will also be bound by these policies if they are accessing and using the organization’s cloud-stored data.
“You need to understand and accept that fact,” he says. “This acceptance requires you to confirm that their data management security policies are compatible with your own.”
2. Evaluate the technical and organizational aspects of the chosen service and deployment models.
This action holds for all service models—infrastructure, platform, or SaaS—and deployment models—public, private, hybrid, or community cloud. Essentially, no matter what model an organization chooses, the onus for evaluating those models rests on the organization itself.
“Your team must evaluate available security controls and how they can be used to protect your data,” Kevin says. “This evaluation will help you determine which aspects of the service provider’s data security operations are critical to your organization’s performance and its ability to meet all performance goals.”
When he says “all performance goals,” he means all: revenue attainment, business goals, mission requirements, and customer needs. Organizations also need to understand the data security and data privacy requirements within their local, regional, and national environments, including cross-border data flows. The CSP offers the platform, but the organization is responsible for how and whether that platform complies with its own responsibilities and needs.
3. Assess service availability and management options by CSP region.
This point deserves its own section: not all services may be available in every region. Verify that the CSP’s service availability and management options are congruent with the organization’s environment and reach.
4. Question and understand service level agreement lapses.
This is an often-overlooked aspect of cloud security partnerships. “What happens if the cloud service provider fails to deliver in accordance with the agreed service level agreement?” Kevin asks. “What would your organization do if this should occur?”
These questions are worth following down the rabbit hole. How would the organization detect an SLA lapse? In what ways would such a service failure impact customers? What type or degree of SLA breach would warrant moving to a different CSP?
The results from each of these actions will lay the foundation of an organization’s cloud data security. In his Pluralsight webinar, Kevin builds on this foundation to illuminate the five critical actions organizations can take for securing their cloud operations.