siliconindia | | June 20179While security is a main factor in forming a partnership with a cloud provider, businesses should also take the provider's location, culture, pricing, and other aspects into accountcerns not only top the list of perceived barriers to cloud adoption, but they are further increasing their importance. General security concerns, legal & regulatory compliance concerns, data loss & leakage risks, integration with ex-isting IT environments and lack of expertise top the list of barriers to cloud adoption. There have been several data breaches and outages in recent years, resulting in class-action lawsuits, mil-lion-dollar settlements and millions of dollars in lost rev-enue. A company can minimize threats and vulnerabilities by strengthening its security controls, anticipating risks and developing solutions. However, it is important to put this in context as the number of reported breaches in en-terprise environments far exceed the reported exposure to cloud platforms.TrustIt can be safe for a business to trust a third-party to man-age their data, if the business does its research before forming a partnership. There is a shared responsibility between a company and a cloud provider to deliver a se-cure environment and determine who is responsible for security components and risk mitigation. In most cases, a company will select a trusted cloud provider to man-age the physical components, infrastructure, network and virtualization. In certain areas, businesses can also have their cloud provider control the operating system or appli-cation, and depending on the situation, businesses could retain control. Companies ultimately own the data and are responsible for controlling where, how, what and when it is stored or accessed. Staying AlignedInformation security and risk management teams should always be aligned with the business' overall objectives and existing security programs. The teams should identify and address any concerns, implement added safeguards and ensure the technical teams that are managing the day-to-day administration understand the company's policies and procedures. A company's executive and technology leadership teams should be aware of the company's expo-sure, depending on the data residing with the cloud pro-vider. A cloud provider's information security department will work closely with the business on an ongoing basis to ensure all proposed solutions do not raise the overall risk posture of the organization. Data control and configura-tion management are some added strategy considerations that can fundamentally differ from internal processes.While security is a main factor in forming a partner-ship with a cloud provider, businesses should also take the provider's location, culture, pricing, customer sup-port, response times and flexibility into account. Imple-menting a cloud solution, like many IT projects, requires careful planning, thorough testing and a full assessment once complete. A company must be aware of the risks it is willing to take in order to meet its strategic objectives. With the right partner, any enterprise can ensure all ex-isting risk-mitigation techniques are met or exceeded. At the same time, the benefits of operating in a cloud envi-ronment can be experienced. There is no one-size-fits-all solution, but with proper due diligence, securely operat-ing in a customized cloud environment is possible. Robert LaMagna-Reiter
< Page 8 | Page 10 >