Bookmark and Share

Convergence of the Cloud – A Nexus of Forces

While cost-savings and convenience are two reasons frequently cited for moving to the cloud, organizations are primarily moving applications to the cloud more for scalability and being able to do more with less. In addition to cloud-based email applications, other popular cloud services include provisioning applications and collaboration tools, such as Box, Dropbox and Office 365. Regardless of the driver, or applications migrated, security executives remain challenged in protecting the data. Lessons learned in overcoming obstacles include:

  • Select and adhere to standards. Standards become especially important when companies are going through a merger or acquisition situation. Best practice approaches include selecting the specific technologies and applications to carry forward and notifying users as to what applications will be turned off on a specific date.
  • Validate certification. Surprisingly, many organizations rely on certifications and do not perform onsite evaluations. In the absence of onsite evaluation, the validation of a cloud providers certifications become all that more important.
  • Monitor security and DLP. An ad hoc survey reveals that security executives are not using the cloud for security purposes, but need visibility into events and log feeds and the ability to understand what is happening from a DLP standpoint.
  • Plan for Digital Rights Management. DRM is becoming an issue that security executives must think about when moving applications and data to the cloud.
  • Weigh the value of migrating legacy apps.  Migrating existing legacy applications to the cloud involves several considerations that need to be evaluated before embarking on such a project. Organizations need to weigh the benefits of re-architecting or revitalizing legacy applications.
  • Align with the business for budget. Overwhelmingly, security executives find themselves in the position of having to halt one program in order to pay for another. In order to fund cloud initiatives, security leaders need to align with the business and work with the business units.
  • Assess and communicate risk. Collaborating with the business units to fund initiatives provides an opportunity to educate the business unit leaders as to the level of risk involved in moving applications and data to the cloud.

Moving to the Cloud best practices include:

  • Think big, but not critical
  • Act small and learn lessons on programs that are not part of the firm’s critical assets
  • Go slow