In 5 to 10 years, the cloud will be as ubiquitous as the Internet is today. It is predicted that 2015 will see dramatic change in labor and business models as operations shift to the cloud. It will be part of our normal lives, with cloud-based apps running on stereos, watches, mirrors, glasses and many other devices that we interact with or carry with us daily. Software and data will not be hardware dependent because they will be running in the cloud but you will be able to interact with your data and systems whenever and wherever you are at.
The lines between work and home or business and pleasure are already blurred, but they will become increasingly transparent in the years to come. The floodgates of organizational data will be released into a variety of cloud-based systems. Organizations that develop a security-minded cloud culture now will better transition into the cloud in years to come as it continues to grow. Such cultures will have the framework such as policies, procedures, workflows and shared cloud successes will foster effective cloud security behaviors and habits.
So what does a security-minded cloud culture look like? Provided here are three steps that you can take to start developing it.
The first step is to foster ongoing communication about the cloud, its benefits and challenges. Create a cloud committee made up of people from different departments and backgrounds within the company and discuss what is working for you and how that can be standardized as an organizational best practice. As part of it, subject ideas to peer review and test assumptions and risks.
Next, create and maintain a data map that details where types of data are stored and which vendors or third parties maintain the data. This is important in case there is a data breach, eDiscovery request, merger, or many other situations. Empower employees to help maintain the data map through discussions on how and where the data is located by members of the cloud committee.
Lastly, be discerning in choice of products or services. The choice of a cloud provider is not one to be taken lightly without an appropriate level of consideration. Cloud vendors should go through a vendor risk management process that ensures they have sufficient security controls in place to mitigate risks to the type of data they will be hosting. Each vendor can be assigned a risk rating for data classifications to make it easy to determine if data can be used on the vendor’s platform. Risk management should also take into account any compliance requirements and whether the vendor’s systems adhere to those requirements. Also, ensure that service level agreements are appropriate for your data availability requirements. If this concept sounds foreign, consider classifying your organizational data based on the required confidentiality level and availability need.
You are most likely planning for growth in cloud utilization, so make sure that the solutions you choose can scale with your business. Choose a vendor that can handle several times the volume you initially would contract for and one that has a track record of success and innovation.
This is an exciting time for we stand at the cusp of great technological change. People and organizations are being given the freedom to utilize technology how, when and where they see fit without having to worry about the underlying architectural complexities or capital expenditures. #BeFutureReady, and know this is your chance to seize the cloud, to harness it or even mold it to accomplish great things. Create a culture that supports secure cloud utilization and make a difference – now and in the future!