Think as a Cloud Provider
Step No. 5: Think as a cloud provider
While most enterprises will begin by thinking of themselves as cloud consumers, don't forget that your organization is also part of a value chain: you supply services to your customers and partners. If you can get the risk/reward balance right for you to profitably consume cloud services, why not use the same thinking to guide your entry as cloud provider into your ecosystem? This will also help your organization to better understand what is happening within the cloud providers.
Step No. 6: Familiarize yourself with and start using Web security standards now
The Web security industry has been working on securing and managing cross-domain systems for a long time. Out of this work has come many useful security standards that are already in use (or should be) to secure cloud services. These standards must be adopted for security systems to be effective in the cloud-connected world. These standards include Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML), Extensible Access Control Markup Language (XACML) and Web Services-Security (WS-Security). A positive word of encouragement for enterprises federating browser sessions today with SAML: You have already expanded your cloud security IQ.
One of the most important requirements for enterprises to improve the security of cloud services is to ensure that security professionals be seen as rational advocates for the cloud, not as naysayers or doubters. Properly balanced, business-driven technologists can become positive forces in the risk/reward dialogue and help raise the probability of getting cloud security right for their enterprise.
Matthew Gardiner is a Director in the Security and Compliance business unit at CA, Inc. Matthew is a recognized industry leader in the security and identity and access management markets. Matthew also serves as vice president and board member for the Kantara Initiative, an industry group focused on digital identities and how they can interoperate with today's technology deployments. Matthew is a frequent speaker at conferences and industry events worldwide, such as those hosted by Internet Security Solutions Europe (ISSE), Information Systems Audit and Control Association (ISACA), analyst firms and Liberty Alliance. He has a BSEE from the University of Pennsylvania and an SM in Management from MIT's Sloan School of Management. He can be reached at firstname.lastname@example.org.