IT Security & Network Security News & Reviews: 10 Security Tips to Prevent a Cloud Migration Disaster

 
 
By Fahmida Y. Rashid  |  Posted 2011-09-30
 
 
 

Identity and Access Management Control

You need to know who is accessing your data, at what levels they can access it and whether they can alter it. This requires a clear, concise and auditable identity and access management control system that includes vendors, sub-contractors and your employees.

Identity and Access Management Control

ROI

Cloud computing can yield a high security ROI because you dont have to hire a whole security team. Evaluate the security costs of your current data center operations and build appropriate security controls into your Service Level Agreement (SLA) to generate a high ROI.

ROI

Business Continuity

Your business must operate at all times. Thats why you need business continuity based on the level of down time your business can withstand. Negotiate your tolerance levels and determine if you need to take out an insurance liability policy against your cloud provider.

Business Continuity

Security Configuration

Remember to keep your crown jewels separate from your costume jewelry. Take inventory of your data, strategically manage security levels based on information prioritization and configure security based on the privacy levels of corporate data. In the long run, it will save you money.

Security Configuration

Reporting and Notification

How will you be notified of malware incidents or attacks on your data? Develop a plan that determines what types of incidents need to be reported and to whom. Know at what point during the notification process you should call in local law enforcement.

Reporting and Notification

Determine Risk

The cloud helps increase business efficiency and productivity, but also increases risk of data loss. Acknowledge this tradeoff and ensure that you have compensating security controls in place to protect data, such as email encryption.

Determine Risk

Private Data

If youre putting private data such as personnel records in the cloud, determine in advance the reporting requirements necessary to satisfy privacy breach notification laws.

Private Data

Evaluate the Environment

Consistent auditing and evaluation allows you to update any missing links within your security solution for improved compliance and effectiveness. It also supplies the verification component to the trust-but-verify model.

Evaluate the Environment

How to Investigate

You need to be prepared in case you become the subject of an internal- or law-enforcement investigation. Make certain your cloud provider will support your efforts.

How to Investigate

Exit Strategy

Be 100 percent clear on what leaving your cloud provider means. How will they give you back your data, sanitize it from their systems and backup tapes, and ensure you have no further liability?

Exit Strategy

Rocket Fuel