Identity and Access Management Control

You need to know who is accessing your data, at what levels they can access it and whether they can alter it. This requires a clear, concise and auditable identity and access management control system that includes vendors, sub-contractors and your employees.

Cloud computing can yield a high security ROI because you dont have to hire a whole security team. Evaluate the security costs of your current data center operations and build appropriate security controls into your Service Level Agreement (SLA) to generate a high ROI.

Your business must operate at all times. Thats why you need business continuity based on the level of down time your business can withstand. Negotiate your tolerance levels and determine if you need to take out an insurance liability policy against your cloud provider.

Remember to keep your crown jewels separate from your costume jewelry. Take inventory of your data, strategically manage security levels based on information prioritization and configure security based on the privacy levels of corporate data. In the long run, it will save you money.

How will you be notified of malware incidents or attacks on your data? Develop a plan that determines what types of incidents need to be reported and to whom. Know at what point during the notification process you should call in local law enforcement.

The cloud helps increase business efficiency and productivity, but also increases risk of data loss. Acknowledge this tradeoff and ensure that you have compensating security controls in place to protect data, such as email encryption.

If youre putting private data such as personnel records in the cloud, determine in advance the reporting requirements necessary to satisfy privacy breach notification laws.

Consistent auditing and evaluation allows you to update any missing links within your security solution for improved compliance and effectiveness. It also supplies the verification component to the trust-but-verify model.

You need to be prepared in case you become the subject of an internal- or law-enforcement investigation. Make certain your cloud provider will support your efforts.

Be 100 percent clear on what leaving your cloud provider means. How will they give you back your data, sanitize it from their systems and backup tapes, and ensure you have no further liability?