Even if adoption is agreed upon, it becomes hard to evaluate vendors that have strong security offerings and even harder to utilize security controls that are internally deployed in the cloud environment.<\/span><\/li>\n<\/ul>\n<\/span><\/p>\nRecommendations<\/strong><\/h2>\nKey Points<\/strong><\/em><\/h3>\n\n- The cloud can be secure despite unique security threats.<\/span><\/span><\/span><\/span><\/span><\/span><\/li>\n
- Securing a cloud environment is a balancing act of who is responsible for meeting specific security requirements.<\/span><\/span><\/span><\/li>\n
- Most security challenges and concerns can be minimized through the structured process (CAGI) of selecting a trusted cloud security provider (CSP) partner.<\/span><\/li>\n<\/ul>\n
Approach<\/strong><\/em><\/h3>\n<\/span><\/p>\n\n- The business is adopting a cloud environment and it must be secured, which includes:<\/span><\/li>\n
- Ensuring business data cannot be leaked or stolen.<\/span><\/span><\/span><\/li>\n
- Maintaining privacy of data and other information.<\/span><\/span><\/span><\/li>\n
- Securing the network connection points.<\/span><\/li>\n
- Determine your balancing act between yourself and your CSP; through contractual and configuration requirements, determine what security requirements your CSP can meet and cover the rest through internal deployment.<\/span><\/li>\n
- This blueprint and associated tools are scalable for all types of organizations within various industry sectors.<\/span><\/li>\n<\/ul>\n
Methodology and Tools<\/strong><\/h2>\nExecutive Brief<\/strong><\/h3>\nRead the concise Executive Brief to find out why you should prioritize security in the cloud and review the methodology.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n\n- Ensure Cloud Security in IaaS, PaaS, and SaaS Environments \u2013 Executive Brief<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n
- Ensure Cloud Security in IaaS, PaaS, and SaaS Environments \u2013 Phases 1-5<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n<\/ul>\n
1. Determine your cloud risk profile<\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/h3>\nDetermine your organization\u2019s rationale for cloud adoption and what that means for your security obligations.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n\n- Ensure Cloud Security in IaaS, PaaS, and SaaS Environments \u2013 Phase 1: Determine Your Cloud Risk Profile<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n
- Secure Cloud Usage Policy<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n<\/ul>\n
2. Identify your cloud security requirements<\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/h3>\nUse the Cloud Security CAGI Tool to perform four unique assessments that will be used to identify secure cloud vendors.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n\n- Ensure Cloud Security in IaaS, PaaS, and SaaS Environments \u2013 Phase 2: Identify Your Cloud Security Requirements<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n
- Cloud Security CAGI Tool<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n<\/ul>\n
3. Evaluate vendors from a security perspective<\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/h3>\nLearn how to assess and communicate with cloud vendors with security in mind.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n\n- Ensure Cloud Security in IaaS, PaaS, and SaaS Environments \u2013 Phase 3: Evaluate Vendors From a Security Perspective<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n
- IaaS and PaaS Service Level Agreement Template<\/span><\/span><\/span><\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/span><\/li>\n