The popularity of cloud computing is growing fast, thanks to its ability to increase flexibility, improve access to data, and cut costs. Yet concerns about the security of the data that is moved to cloud environments remain — for good reason, given the inherent loss of control of critical data the technology demands. Only by developing a comprehensive and systematic approach to assessing the risks of moving data into the cloud — one that takes into account the concerns of both business users and IT security managers — can these risks be managed with confidence.
Our approach begins with a thorough assessment of the applications and data being considered for the cloud. How sensitive is the data, and how serious are the consequences of a potential data breach? Depending on the level of risk, the data must be assigned specific security requirements, and then matched with the cloud architecture being considered — private, public, or hybrid — and its associated security capabilities. Once this process is complete, security managers must work with business users to map out concrete, fact-based solutions regarding which specific cloud environments are appropriate for each data set and application, depending on its level of risk.
Ultimately, cloud security must be placed within the context of each company’s overall information security program, including risk management, incident management, continuity planning, and governance. Doing so will require the combined efforts of everyone with a stake in ensuring the security of the data being moved into the cloud.