Business Service Cloud Readiness Review
Identification of Cloud Security/Privacy Controls
Validate Cloud Security Controls Effectiveness
Cloud Integration Guidance
Vendor Contract Language Assistance
Knowledge Transfer & Training
Prior to jumping on the bandwagon, every organization must answer the following questions to determine their risk tolerance for moving data, resources or assets to various cloud computing models:
What are the risks if:
1 – The cloud-hosted resource or asset becomes publicly available or is modified?
2 – The cloud provider has access to the hosted resource or asset, or modifies it?
3 – Unauthorized changes were made to the cloud-hosted process or service?
4 – The cloud-hosted process did not produce the intended output?
5 – The cloud-hosted resource or asset becomes unavailable or its performance degraded?
Based on the responses to the above questions and the declared Classification (Categorization and Sensitivity) of the data, resource, or asset, an organization is best positioned to benefit from cloud computing if it understands and manages the risks associated with cloud hosting. The decision to select among the Public, Community, Private, or Hybrid deployment models, as well as the layers of security to be applied, should be based on the perceived risks, and the same level of due diligence must be applied to ensure the confidentiality, integrity, and availability of the data, resource, or asset.
At Corpnet Consulting, we have provided guidance to our clients on cloud computing in the following areas:
- Develop strategy around the use of cloud computing services
- Review business services that are candidates for cloud hosting
- Perform data flow and threat modeling to identify the security and privacy controls requirements
- Plan for the extension of identity and access management services to the cloud
- Validate the effectiveness of security policies, and plan for their extended application to the cloud
- Develop a strategy to validate the effectiveness of cloud security controls
- Perform vulnerability assessment and penetration testing of cloud services
- Formalize an organizational risk posture for cloud hosting options
- Provide migration and implementation assistance
- Assist with cloud provider contract language and negotiations