Many organizations have adopted Cloud technology as part of their digital transformation, or are seriously considering it. The benefits are compelling, such as the ready availability of functionality, cost and scalability.
But what are the risks? Many cyber incidents have occurred in the past, some of which can be linked to the use of Cloud facilities. So CIOs of large enterprises and IT managers of small organizations alike have voiced the same concern: “Can we move to the Cloud in a secure way?” They don’t know, and they hesitate to move forward. From a business perspective that is somewhat worrying, given the benefits of the Cloud. Security is then all too often perceived as a business disabler…
So how do you, from a senior management position, move that discussion forward if you want to realize your Cloud ambitions without jeopardizing your enterprise’s crown jewels? Some specific questions will help you gain more clarity and put your staff (or supplier, for that matter) on the right track. There are more questions of course, but these will give you a good first indication.
First, is it clear which of our data is to be moved to the Cloud? Do we consider that data fit to be placed in a third party’s hands, from the viewpoint of business criticality and confidentiality? Think of intellectual property, client data or other critical business assets.
Second, are we sufficiently aware of the applicable legal framework? This is an especially good question when personal or medical data are involved. Is the legal department involved in decision making?
Third, what do we know about the proposed Cloud supplier? Just as with other ICT suppliers, you want to know about guarantees for continuity, the location of their business, their management and so on. And can we actually audit their security practices, should the need arise?
Fourth, if we work from the Cloud any time, anywhere, have we thought about the devices we use and how those are protected?
Last, but not least, what is our exit strategy? Can we move out of that Cloud, taking all our data with us? And what will happen to the data stored at the supplier’s datacenter? What guarantees do we have that it will be removed permanently?
Modern enterprises, be they public or private, can hardly escape the Cloud in the coming years if they want to grow their business, save money or work smarter in other ways. And it’s not always the CIO or the IT department that coordinates this move. The business does. Given stakeholder demands, security should be part of business considerations in advance, but don’t let it become a disabler.