Abstract image of a woman sitting on books and studying on a laptop

Secure Cloud Adoption - Checklist

Securestorm, profile picture
Securestorm

This document outlines ten essential steps for organizations to securely adopt cloud services, emphasizing the importance of defining a clear strategy, assessing criticality, and engaging with cloud service providers. It also highlights the significance of addressing both generic and cloud-specific security risks through threat modeling. The author will further elaborate on these steps in a presentation at CSA Congress EMEA 2015.

Technology
Related topics:
Cyber-SecurityCloud Computing Insights Information SecurityCloud Security Insights
1 of 2
Downloaded 10 times
1
2
Your game plan for secure cloud adoption Migrating to the cloud securely needn’t be complicated. By following ten simple steps before engaging cloud service providers (CSPs) you can take a clear-headed approach to migration and avoid becoming bogged down in detail. Next month at CSA Congress EMEA 2015, I’ll be explaining how to develop a winning cloud adoption game plan in detail and the checklist below highlights the key points forming the basis of my presentation. These ten steps will help you define your adoption strategy, highlight key require- ments and make the right decisions about processes and business and technical controls. Read on to discover if your organisation is match-fit for cloud adoption. Simplified Security for Cloud Adoption - Define your game plan www.iacs-llp.com Information Assurance Consulting Services Scope Start by determining the scope of the task ahead. Identify the sys- tems and applications you want to migrate to the cloud and the practical implications of doing so. This will form the basis of your strategy and help you focus on priorities. 01 Why? Ask yourself why you’re migrating your chosen ap- plication or systems to the cloud and stop to sense- check your decisions. We recommend a maximum of five key objectives. 02 Why not? List your top five concerns in relation to the objectives you’ve chosen. It’s likely these will be predominately security-related, but also consider factors such as availability, cost of migration, and additional resource needed. 03 Review Review steps 1 to 3 and ensure the objectives and concerns you’ve examined are directly relevant to the project scope. This will help you retain focus on what’s critical to your organisation. 04
Assess criticality Next, assess the criticality of your assets. We recom- mend implementing a 1 to 3 score based on low, medium or high criticality, then assigning it at an ap- plication estate level. This will enable you to cate- gorise assets in batches. For example, a market analysis application estate might include fifteen individual assets, all of which can be covered by assigning them the same level of criticality. 05 Engage and demand Now you’ve got a game plan, you’re ready to kick-off your cloud migra- tion. Equipped with the knowledge gained over the course of this process, you’re prepared to engage cloud service providers and demand the technical and process controls that are right for your organisation. 10 Choose solutions Next, match specific controls to your requirement. Not all of these will be technical and you may be able to overcome challenges with existing or new processes. Equally, new hires may be necessary. Before investing in people or technology, ensure these will enable you to deliver the spe- cific benefits identified within the scope of your project. 09 Define requirements Define your key security requirements based on the output of the threat modelling you’ve conducted. Firstly, ensure you can mitigate the 80% of generic security risks, but concentrate time and re- sources on guarding against the 20% of cloud-specific threats. 08 06 Apply the 80 / 20 Principle It’s likely that 80% of your risk is generic across your estate and therefore, as all assets have the same criticality, they should be treated similarly. The remaining 20% is specific and bespoke to your cloud migration and requires more time and effort. By segmenting your assets into these two groups and applying the same level of security to each, you can safeguard all of your assets efficient- ly and cost-effectively. 07 Threat modelling By identifying the specific threats other organisations in your sector or industry have faced, you can define the right type of counter measures to protect your organisation. The Cloud Security Alliance, PwC and Verizon all publish reliable, industry-specific research on a regular basis, providing you with a robust starting point for threat modelling. Your game plan for secure cloud adoption. Simplified Security for Cloud Adoption - Define your game plan www.iacs-llp.com Learn how to implement these steps effectively by attending my presentation at CSA Congress EMEA 2015 on 17 November. I’ll be speaking at 14:00 during Track 2: Strategies, Governance, Risk Management.

More Related Content

PDF
Cloud Adoption and Risk Report 2019
CompatibL Technologies ltd
 
PPTX
Cloud Adoption Framework Phase one-moving to the cloud
Anthony Clendenen
 
PPTX
Cloud Adoption Plan - Strategy phase
Anthony Clendenen
 
PPTX
Enterprise Cloud Strategy & Adoption
Andrew Alaniz
 
PPTX
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 
PPTX
Cloud Adoption Plan - Planning phase
Anthony Clendenen
 
PDF
RightScale Webinar: The Five Critical Steps to Develop a Cloud Strategy
RightScale
 
PPTX
Azure cloud governance deck
Softchoice Corporation
 
Cloud Adoption and Risk Report 2019
CompatibL Technologies ltd
 
Cloud Adoption Framework Phase one-moving to the cloud
Anthony Clendenen
 
Cloud Adoption Plan - Strategy phase
Anthony Clendenen
 
Enterprise Cloud Strategy & Adoption
Andrew Alaniz
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 
Cloud Adoption Plan - Planning phase
Anthony Clendenen
 
RightScale Webinar: The Five Critical Steps to Develop a Cloud Strategy
RightScale
 
Azure cloud governance deck
Softchoice Corporation
 

What's hot (17)

PPTX
Omaha DevOps Meetup - Sept 2018
Michael Nichols
 
PDF
Architecting your Cloud Strategy - Part One.vsdx
Gareth Llewellyn
 
PDF
December 2014 Webinar - Planning Your 2015 Cloud Strategy
RapidScale
 
PDF
AgilePath Cloud Playbook Strategy Template
AgilePath Corporation
 
PDF
Developing Your Cloud Strategy
Al Afflitto
 
PDF
AWS cloud adoption framework (caf)
Reham Maher El-Safarini
 
PDF
Creating an Operating Model to enable a high frequency organization
Tom Laszewski
 
PPT
SOA Governance in the Cloud Webinar Slides
WSO2
 
PDF
Getronics - Governance and the Cloud
Maurice Remmé
 
PDF
Enterprise grade disaster recovery without breaking the bank
actualtechmedia
 
PDF
Enterprise Cloud Strategy Framework
Mike Watson
 
PPTX
Softchoice Discovery Series: Cloud Cost Governance
Softchoice Corporation
 
PPTX
Developing a Holistic Cloud Strategy Webinar
KSM Consulting
 
PDF
Where are you at on your journey from on-premise SAP HCM to SuccessFactors th...
Sarah Enders
 
PPTX
A Model-Driven Approach to Support Cloud Migration Process- A Language Infras...
Mahdi_Fahmideh
 
PPTX
Enterprise Cloud Transformation
Cloud Best Practices Network
 
PPTX
Enterprise-Grade Disaster Recovery Without Breaking the Bank
Donna Perlstein
 
Omaha DevOps Meetup - Sept 2018
Michael Nichols
 
Architecting your Cloud Strategy - Part One.vsdx
Gareth Llewellyn
 
December 2014 Webinar - Planning Your 2015 Cloud Strategy
RapidScale
 
AgilePath Cloud Playbook Strategy Template
AgilePath Corporation
 
Developing Your Cloud Strategy
Al Afflitto
 
AWS cloud adoption framework (caf)
Reham Maher El-Safarini
 
Creating an Operating Model to enable a high frequency organization
Tom Laszewski
 
SOA Governance in the Cloud Webinar Slides
WSO2
 
Getronics - Governance and the Cloud
Maurice Remmé
 
Enterprise grade disaster recovery without breaking the bank
actualtechmedia
 
Enterprise Cloud Strategy Framework
Mike Watson
 
Softchoice Discovery Series: Cloud Cost Governance
Softchoice Corporation
 
Developing a Holistic Cloud Strategy Webinar
KSM Consulting
 
Where are you at on your journey from on-premise SAP HCM to SuccessFactors th...
Sarah Enders
 
A Model-Driven Approach to Support Cloud Migration Process- A Language Infras...
Mahdi_Fahmideh
 
Enterprise Cloud Transformation
Cloud Best Practices Network
 
Enterprise-Grade Disaster Recovery Without Breaking the Bank
Donna Perlstein
 
Ad

Viewers also liked (13)

PDF
Pivotal Digital Transformation Forum: Requirements to Become a Data-Driven En...
VMware Tanzu
 
PPTX
Roles and Responsibilities | RACI
Patricia Hswe
 
PDF
Christophe feltus introduction to iso 38500 v1 0
Luxembourg Institute of Science and Technology
 
PDF
Superior it governance with iso 38500.key
Basta Group BV
 
PDF
Re-Architect Your Legacy Environment To Enable An Agile, Future-Ready Enterprise
Dell World
 
PDF
IT Governance
Carlos Chalico
 
PDF
Cobit 5 for information security
Elkanouni Mohamed
 
PDF
Security Framework for Digital Risk Managment
Securestorm
 
PPT
3.5 ICT Policies
mrmwood
 
PDF
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Directorate of Information Security | Ditjen Aptika
 
PDF
Effective GOVERNANCE in Project Portfolio Management
Michal Augustini
 
PPT
It Policies
James Sutter
 
PPTX
Program governance Structure
Saurabh Sardesai
 
Pivotal Digital Transformation Forum: Requirements to Become a Data-Driven En...
VMware Tanzu
 
Roles and Responsibilities | RACI
Patricia Hswe
 
Christophe feltus introduction to iso 38500 v1 0
Luxembourg Institute of Science and Technology
 
Superior it governance with iso 38500.key
Basta Group BV
 
Re-Architect Your Legacy Environment To Enable An Agile, Future-Ready Enterprise
Dell World
 
IT Governance
Carlos Chalico
 
Cobit 5 for information security
Elkanouni Mohamed
 
Security Framework for Digital Risk Managment
Securestorm
 
3.5 ICT Policies
mrmwood
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Directorate of Information Security | Ditjen Aptika
 
Effective GOVERNANCE in Project Portfolio Management
Michal Augustini
 
It Policies
James Sutter
 
Program governance Structure
Saurabh Sardesai
 
Ad

Similar to Secure Cloud Adoption - Checklist (20)

PDF
Simplifying Security for Cloud Adoption - Defining your game plan
Securestorm
 
PDF
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...
Happiest Minds Technologies
 
PDF
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Happiest Minds Technologies
 
PDF
SIEM Buyer's Guide
Joseph DeFever
 
PDF
5 must haves - cloud confidence
Sean Dickson
 
PDF
10-TOP-IT-INITIATIVES_6-6-16
Peak 10
 
PDF
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
PDF
Cloud services and it security
East Midlands Cyber Security Forum
 
PPT
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
PPTX
Cloud Computing Security Essentials for beginners
ssuser1e89a0
 
PDF
The Roadmap to a Successful Cloud Strategy_ Steps to Implementation.pdf
Polyxer Systems
 
PPTX
Evolution security controls towards Cloud Services
Hugo Rodrigues
 
PDF
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summits
 
PDF
5-Ways-To-Future-Proof-Your-SIEM-Securonix[1].pdf
AndrHenrique77
 
PDF
7 Steps To Developing A Cloud Security Plan
Envision Technology Advisors
 
PDF
Risk management for cloud computing hb final
Christophe Monnier
 
PDF
Elevating Cloud Security Testing- Strategies & Solutions.pdf
geetikamahajan504
 
PDF
Azure Security.pdf
Cloudthat Technologies Private
 
PDF
Azure security
Cloudthat Technologies Private
 
PDF
Migrating to Cloud? 5 motivations and 10 key security architecture considerat...
Yew Weisin
 
Simplifying Security for Cloud Adoption - Defining your game plan
Securestorm
 
Whitepaper: Moving to Clouds? Simplify your approach to understand the risks ...
Happiest Minds Technologies
 
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Happiest Minds Technologies
 
SIEM Buyer's Guide
Joseph DeFever
 
5 must haves - cloud confidence
Sean Dickson
 
10-TOP-IT-INITIATIVES_6-6-16
Peak 10
 
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
 
Cloud services and it security
East Midlands Cyber Security Forum
 
Legal And Regulatory Issues Cloud Computing...V2.0
David Spinks
 
Cloud Computing Security Essentials for beginners
ssuser1e89a0
 
The Roadmap to a Successful Cloud Strategy_ Steps to Implementation.pdf
Polyxer Systems
 
Evolution security controls towards Cloud Services
Hugo Rodrigues
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summits
 
5-Ways-To-Future-Proof-Your-SIEM-Securonix[1].pdf
AndrHenrique77
 
7 Steps To Developing A Cloud Security Plan
Envision Technology Advisors
 
Risk management for cloud computing hb final
Christophe Monnier
 
Elevating Cloud Security Testing- Strategies & Solutions.pdf
geetikamahajan504
 
Azure Security.pdf
Cloudthat Technologies Private
 
Azure security
Cloudthat Technologies Private
 
Migrating to Cloud? 5 motivations and 10 key security architecture considerat...
Yew Weisin
 

Recently uploaded (20)

PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Five Habits of High-Impact Board Members
OnBoard
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Modernising the Digital Integration Hub
Daniel Toomey
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Unlock new opportunities with location data.pdf
Precisely
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
Geologic Time for studying geology for geologist
ssuser738f5a
 

Secure Cloud Adoption - Checklist

  • 1. Your game plan for secure cloud adoption Migrating to the cloud securely needn’t be complicated. By following ten simple steps before engaging cloud service providers (CSPs) you can take a clear-headed approach to migration and avoid becoming bogged down in detail. Next month at CSA Congress EMEA 2015, I’ll be explaining how to develop a winning cloud adoption game plan in detail and the checklist below highlights the key points forming the basis of my presentation. These ten steps will help you define your adoption strategy, highlight key require- ments and make the right decisions about processes and business and technical controls. Read on to discover if your organisation is match-fit for cloud adoption. Simplified Security for Cloud Adoption - Define your game plan www.iacs-llp.com Information Assurance Consulting Services Scope Start by determining the scope of the task ahead. Identify the sys- tems and applications you want to migrate to the cloud and the practical implications of doing so. This will form the basis of your strategy and help you focus on priorities. 01 Why? Ask yourself why you’re migrating your chosen ap- plication or systems to the cloud and stop to sense- check your decisions. We recommend a maximum of five key objectives. 02 Why not? List your top five concerns in relation to the objectives you’ve chosen. It’s likely these will be predominately security-related, but also consider factors such as availability, cost of migration, and additional resource needed. 03 Review Review steps 1 to 3 and ensure the objectives and concerns you’ve examined are directly relevant to the project scope. This will help you retain focus on what’s critical to your organisation. 04
  • 2. Assess criticality Next, assess the criticality of your assets. We recom- mend implementing a 1 to 3 score based on low, medium or high criticality, then assigning it at an ap- plication estate level. This will enable you to cate- gorise assets in batches. For example, a market analysis application estate might include fifteen individual assets, all of which can be covered by assigning them the same level of criticality. 05 Engage and demand Now you’ve got a game plan, you’re ready to kick-off your cloud migra- tion. Equipped with the knowledge gained over the course of this process, you’re prepared to engage cloud service providers and demand the technical and process controls that are right for your organisation. 10 Choose solutions Next, match specific controls to your requirement. Not all of these will be technical and you may be able to overcome challenges with existing or new processes. Equally, new hires may be necessary. Before investing in people or technology, ensure these will enable you to deliver the spe- cific benefits identified within the scope of your project. 09 Define requirements Define your key security requirements based on the output of the threat modelling you’ve conducted. Firstly, ensure you can mitigate the 80% of generic security risks, but concentrate time and re- sources on guarding against the 20% of cloud-specific threats. 08 06 Apply the 80 / 20 Principle It’s likely that 80% of your risk is generic across your estate and therefore, as all assets have the same criticality, they should be treated similarly. The remaining 20% is specific and bespoke to your cloud migration and requires more time and effort. By segmenting your assets into these two groups and applying the same level of security to each, you can safeguard all of your assets efficient- ly and cost-effectively. 07 Threat modelling By identifying the specific threats other organisations in your sector or industry have faced, you can define the right type of counter measures to protect your organisation. The Cloud Security Alliance, PwC and Verizon all publish reliable, industry-specific research on a regular basis, providing you with a robust starting point for threat modelling. Your game plan for secure cloud adoption. Simplified Security for Cloud Adoption - Define your game plan www.iacs-llp.com Learn how to implement these steps effectively by attending my presentation at CSA Congress EMEA 2015 on 17 November. I’ll be speaking at 14:00 during Track 2: Strategies, Governance, Risk Management.