Three critical components to simplified security for cloud adoption

This blog is a preface for my presentation at the November CSA Congress EMEA 2015 in Berlin. There are 10 steps for developing your game plan to securely adopt cloud computing which I’ll be sharing in Berlin, and here I discuss three pillars to get in place before you begin your cloud engagement. Apologies to those that like the complexity of the subject, but as Einstein once said, ‘everything should be made as simple as possible, but not simpler.’ 

There is a lot of uncertainty around cloud security and the mystery of how to keep your data safe in the cloud. It’s challenging but not impossible, clearly. There a few things to think about (understatement!) when taking on any information security initiative, in particular those that are taking your key systems and applications to IaaS cloud platforms. 

The first very big question is to know Why Cloud? Hopefully it’s not the buzz around cloud, fear of falling behind the times or the perception that everyone seems to be using cloud services - including your competitors.

Really understand if you need it or want it for your business and what the real benefits are. That’s vital as the risk vs cost benefit can only properly be calculated with real requirements.

I then recommend understanding and investigating three core components of embarking on secure cloud adoption:

Firstly, the level of technology, services and experience within the industry provides more than enough security measures to address the cloud security challenges. Its important to keep in mind cloud security is as much about process and people than it is about technology.  

Secondly, the complexity around cloud security and therefore the associated higher probability of risks or breaches happens when organisations mix legacy systems or traditional IT with their cloud environment within the same application

environment. It’s the gradual approach to adoption that generally brings the most risk as it’s neither one thing or the other. 

Thirdly, keep things simple and focused. There is a great deal of expertise and products out there, however, you must understand what you need first and why. Then which provider, cloud architecture, platform, access management, virtual switch, etc. will be simpler when you have defined your game plan. 

Join us at Cloud Security Alliance, November 17th if you can – I’ll be talking through the 10 steps to the right analysis and planning for defining your Cloud Game Plan. If you can’t make it submit your email address here for a copy of the slides and our forthcoming report.