Is your current security better than Cloud Security?

(Stephen Parker, Head of Cloud Strategy, NewLease)

Doing nothing is not always safer.

Cloud security is a hot debate and listed as one of the top concerns across all business sizes when considering a move to cloud computing.  A “Bing” on the string “Cloud Security” returns 13.9m results!!!!

An interesting example of one of these documents is from the Australian Defence Signals Directorate (http://www.dsd.gov.au/publications/Cloud_Computing_Security_Considerations.pdf).  The structure of this offers a simple “cloud” overview, then a list of security related questions you should ask and finally why they are important structure.  For example the first 4 questions are:

  • My data or functionality to be moved to the cloud is not business critical.
  • I have reviewed the vendor’s business continuity and disaster recovery plan.
  • I will maintain an up to date backup copy of my data.
  • My data or business functionality will be replicated with a second vendor.

These are perfectly reasonable questions, but what if you replaced “cloud” with “our current environment”, how would you answer these?

  • My data or functionality to be accessed externally from our current environment is not business critical.
  • I have reviewed our current environments business continuity and disaster recovery plan.
  • I will maintain an up to date backup copy of data in our current environment.
  • My data or business functionality in our current environment will be replicated with a second vendor.MS TWC Infographic_v5

Although not perfect (nothing is) it is highly likely that for many businesses (especially SMBs) the Cloud would actually be better
from a security perspective than their current IT setup.

Research from Microsoft reviews the benefits of the cloud on SMB’s security [click image to enlarge & see whole infographic]:

 

Risk Assessment

The cloud security debate is all too often based on emotional rather then rational thinking.  What is commonly missed is the activity of doing a formal risk assessment of the services you plan to move to the cloud.  Then you can make a comparison of your as-is environment with your proposed cloud option.  Only then will you be able to make a true call as to how the cloud impacts your risk mitigation strategies for these services. 

Advertisements

About SJKParker

Discovering exceptional stakeholder value through innovative technology investments. 25+ years’ experience as a business and technology hybrid. Providing creative and challenging thinking that delivers alignment of essential business needs with innovative technology. Passionate leadership and business model transformation across large enterprises, start-ups, SMBs, and business turnarounds. Experience gained from working closely with leading software vendors on their global cloud strategy, provided associate services to industry analysts, sharing knowledge as a keynote speaker and writing a variety of books covering the Cloud space. Painting business pictures with an IT brush, providing Experience, Passion & Impact Specialties: Business model transformation, Evangelist and presenter, Cloud Computing, Software as a Service, SaaS, Office 365, Azure, Solution Architect, eProcurement, SPLA, Subscription licensing
This entry was posted in Cloud and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s