7 Steps To Developing A Cloud Security Plan

7 Steps To Developing A Cloud Security Plan

7 Steps to Developing a Cloud Security Plan

Designing and implementing an enterprise security plan can be a daunting task for any business. To help facilitate this endeavor NaviSite has developed a manageable process and checklist that can be used by enterprise security, compliance, and IT professionals as a framework for crafting a successful cloud computing security plan. It defines seven steps—sequentially—that have been tested and refined through NaviSite’s experiences helping hundreds of companies secure enterprise resources according to best practices. This plan enables organizations to gain the economic advantages of secure and compliant managed cloud services.

Step 1: REVIEW YOUR BUSINESS GOALS

It is important that any cloud security plan begins with the basic understanding of your specific business goals. Security is not a one-size-fits-all scenario and should focus on enabling:

  • TECHNOLOGIES: Authentication and authorization, managing and monitoring, and reporting and auditing technologies should be leveraged to protect, monitor, and report on access to information resources
  • PROCESSES: Methodologies should be established that define clear processes for everything from provisioning and account establishment through incident management, problem management, change control, and cceptable use policies so that processes govern access to information
  • PEOPLE: Organizations need access to the proper skill sets and expertise to develop security plans that align with business goals

Too often, organizations view internal security and compliance teams as inhibitors to advancing the goals of the business. Understanding the business objectives and providing long-term strategies to enable business growth, customer acquisition, and customer retention is essential to any successful security plan.

The best way to do this is to develop cloud security policies based on cross departmental input. A successful security program includes contribution from all stakeholders to ensure that policies are aligned and procedures are practical and pragmatic.

The broader the input the more likely the final security plan will truly align with, and support corporate goals. Executive input is not only essential to ensure that assets are protected with the proper safeguards, but also to ensure that all parties understand the strategic goals. For example, if a company plans to double in size within a few years, security infrastructure needs to be designed to support scalability.

CASE IN POINT: At NaviSite, we often see customers faced with the challenge of making major security and technology changes to address evolving corporate goals. For example, a customer that hosts multiple merchant sites had a Payment Card Industry (PCI)-compliant application, but when it was acquired, its parent company required stricter controls that conformed to the enterprise-wide PCI program. The acquired company came to us with a small company perspective, while the new parent company wanted to enforce even tighter security across its divisions.

We worked with them to realign and bolster the goals of the acquired company’s security and compliance programs with the corporate goals of the parent company. By reviewing the business goals with the stakeholders from the parent company, the newly acquired company, and our security team, we were able to identify and document the objectives for the new compliance program and ensure that they were aligned with the over-arching
PCI program.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Cloud Computing – The Good and the Bad

Cloud Computing – The Good and the Bad

The Cloud Movement Like it or not, cloud computing permeates many aspects of our lives, and it’s going to be a big part of our future in both business and personal spheres. The current and future possibilities of global access to files and data, remote working opportunities, improved storage structures, and greater solution distribution have…

The FTC, Data Privacy and Facebook

The FTC, Data Privacy and Facebook

Data Protection Facebook is in deep water over their recent decision to start harvesting phone numbers from one of the apps they own, called WhatsApp. WhatsApp is a mobile phone app that allows people to place long distance phone calls and send SMS messages for free. A complaint was filed with the Federal Trade Commission…

Three Tips To Simplify Governance, Risk And Compliance

Three Tips To Simplify Governance, Risk And Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

The Annual Compliance & Ethics Institute:  Hot Topics – Cyber Security, Big Data, Privacy Breach Response

The Annual Compliance & Ethics Institute: Hot Topics – Cyber Security, Big Data, Privacy Breach Response

Cyber Security, Big Data, Privacy Breach Response MINNEAPOLIS, Aug. 30, 2016 /PRNewswire-USNewswire/ — Cyber security, social media, modern slavery, anti-corruption, export controls and sanctions, and privacy top the list of “Hot Issues” compliance and ethics professionals face each day. These and many other compliance and ethics concerns will be addressed at the 2016 Compliance & Ethics…

Top 5 Digital Health Trends

Top 5 Digital Health Trends

Digital Health Trends It is very important to keep up with the changing technology. However, it is also just as important to advance the consumer experience, care delivery methods and create opportunities for career development for the healthcare workforce. Five trends that are proven to be effective in winning in the digital age have been…

Rounding Out Your Security Strategy With The Enterprise Cloud

Rounding Out Your Security Strategy With The Enterprise Cloud

Enterprise Cloud Security Strategy No company wants to be the one to have to announce one of the world’s biggest data breaches. From managing networks and datacenters to protecting hundreds of applications, today’s enterprises face enormous challenges. With all the surface area that needs to be tracked and protected including APIs on the front-end, customer integrations…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Cloud Infographic – Disaster Recovery

Cloud Infographic – Disaster Recovery

Disaster Recovery Business downtime can be detrimental without a proper disaster recovery plan in place. Only 6% of businesses that experience downtime without a plan will survive long term. Less than half of all businesses that experience a disaster are likely to reopen their doors. There are many causes of data loss and downtime —…

Cloud Infographic: IoT For Automotive Deconstructed

Cloud Infographic: IoT For Automotive Deconstructed

IoT For Automotive Deconstructed The IoT automotive industry is moving rapidly with many exciting growth opportunities available. We’ve written about some of the risks and benefits as well as some of the players involved. One thing for certain as that the auto industry is starting to take notice and we can expect the implementation of a…

Cloud Infographic: The Explosive Growth Of The Cloud

Cloud Infographic: The Explosive Growth Of The Cloud

The Explosive Growth Of The Cloud We’ve been covering cloud computing extensively over the past number of years on CloudTweaks and have truly enjoyed watching the adoption and growth of it. Many novices are still trying to wrap their mind around what the cloud it is and what it does, while others such as thought…

Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications It’s no secret that organizations are embracing the cloud and all the benefits that it entails. Whether its cost savings, increased flexibility or enhanced productivity – businesses around the world are leveraging the cloud to scale their business and better serve their customers. They are using a variety of cloud solutions…

5 Reasons Why Your Startup Will Grow Faster In The Cloud

5 Reasons Why Your Startup Will Grow Faster In The Cloud

Cloud Startup Fast-tracking Start-ups face many challenges, the biggest of which is usually managing growth. A start-up that does not grow is at constant risk of failure, whereas a new business that grows faster than expected may be hindered by operational constraints, such as a lack of staff, workspace and networks. It is an unfortunate…

Do Small Businesses Need Cloud Storage Service?

Do Small Businesses Need Cloud Storage Service?

Cloud Storage Services Not using cloud storage for your business yet? Cloud storage provides small businesses like yours with several advantages. Start using one now and look forward to the following benefits: Easy back-up of files According to Practicalecommerce, it provides small businesses with a way to back up their documents and files. No need…