Identity and Access Management Control
You need to know who is accessing your data, at what levels they can access it and whether they can alter it. This requires a clear, concise and auditable identity and access management control system that includes vendors, sub-contractors and your employees.
ROI
Cloud computing can yield a high security ROI because you dont have to hire a whole security team. Evaluate the security costs of your current data center operations and build appropriate security controls into your Service Level Agreement (SLA) to generate a high ROI.
Business Continuity
Your business must operate at all times. Thats why you need business continuity based on the level of down time your business can withstand. Negotiate your tolerance levels and determine if you need to take out an insurance liability policy against your cloud provider.
Security Configuration
Remember to keep your crown jewels separate from your costume jewelry. Take inventory of your data, strategically manage security levels based on information prioritization and configure security based on the privacy levels of corporate data. In the long run, it will save you money.
Reporting and Notification
How will you be notified of malware incidents or attacks on your data? Develop a plan that determines what types of incidents need to be reported and to whom. Know at what point during the notification process you should call in local law enforcement.
Determine Risk
The cloud helps increase business efficiency and productivity, but also increases risk of data loss. Acknowledge this tradeoff and ensure that you have compensating security controls in place to protect data, such as email encryption.
Private Data
If youre putting private data such as personnel records in the cloud, determine in advance the reporting requirements necessary to satisfy privacy breach notification laws.
Evaluate the Environment
Consistent auditing and evaluation allows you to update any missing links within your security solution for improved compliance and effectiveness. It also supplies the verification component to the trust-but-verify model.
How to Investigate
You need to be prepared in case you become the subject of an internal- or law-enforcement investigation. Make certain your cloud provider will support your efforts.
Exit Strategy
Be 100 percent clear on what leaving your cloud provider means. How will they give you back your data, sanitize it from their systems and backup tapes, and ensure you have no further liability?