What to ask when moving to the Cloud?

Publish date:

Many organisations have adopted Cloud technology as part of their digital transformation, or are seriously considering it. The benefits are compelling, like the ready availability of functionalities, costs and scalability. But what are the risks? Many cyber incidents have occurred in the past, which can sometimes be linked to the use of Cloud facilities. So […]

Many organisations have adopted Cloud technology as part of their digital transformation, or are seriously considering it. The benefits are compelling, like the ready availability of functionalities, costs and scalability.

But what are the risks? Many cyber incidents have occurred in the past, which can sometimes be linked to the use of Cloud facilities. So CIO’s of large enterprises and IT managers of small organizations alike have uttered the same concern: “Can we move to the Cloud in a secure way?” They don’t know and hesitate to move forward. From a business perspective that is somewhat worrying, given the benefits of the Cloud. Security is then all too often perceived as business disabler

So how, from a senior management position, bring that discussion forward, if you want to realize your Cloud ambitions without jeopardizing your enterprise’s crown jewels? Some specific questions will help you to gain more clarity and put your staff (or supplier for that matter) on the right track. There are more questions of course, but this will give you a good first indication.

First, is it clear which of our data is to be moved to the Cloud? Do we consider that data fit for placing it in a third parties hand, from the viewpoint of business criticality and confidentiality? Think of intellectual property, client data or other critical business assets.

Second, are we sufficiently aware of the legal framework applicable? This is especially a good question when personal or medical data are involved. Is the legal department involved in decision making?

Third, what do we know about the proposed Cloud supplier? Just like with other ICT suppliers, you want to know about guarantees for continuity, location of their business, management and so on. And can we actually audit their security practices, should the need be?

Fourth, if we work from the Cloud any time anywhere, have we thought about the devices we use and the protection of those?

Last, but not least, what is our exit strategy? Can we move out of that Cloud, taking all our data with us? And what will happen with the data stored at the supplier’s datacenter? What guarantees do we have that it will be removed permanently?

Modern enterprises, be it public or private, can hardly escape the Cloud the coming years in order to grow business, safe money or work smarter in other ways. And it’s not always the CIO or IT department that coordinates this move. Business does. Given stakeholder demands security should be part of business considerations in advance, but don’t let it become a disabler.

Find out more http://www.capgemini.com/blog/capping-it-off/2015/02/putting-cybersecurity-at-the-heart-of-digital-transformation

Related Posts

Cybersecurity

Is your Operational Technology (OT) environment insider safe?

Dan Leyman
Date icon September 8, 2020

Organizations need to exercise due diligence and care to ensure their vendors, contractors,...

Cybersecurity

Unlocking the power of AI and SOAR for end-to-end cybersecurity

Geert van der Linden
Date icon September 3, 2020

For AI to work effectively, organizations need to build a roadmap that addresses...

Cybersecurity

Identity access management (IAM) – the new normal

Dino Karanikas
Date icon August 27, 2020

Having an upgraded IAM plan in place will not only let you sleep better at night; it will...