The consistency of your security program becomes a challenge once you introduce the cloud. Controls and visibility are not necessarily transferable. How do you maintain the control you want in a hybrid environment?
Check out this post for the basis of our conversation on this week’s episode, which features me, special guest co-host Taylor Lehmann (@BostonCyberGuy), VP, CISO, athenahealth, and our sponsored guest, Chris Meenan (@chris_meenan), director, offering management and strategy, IBM Security.
Thanks to this week’s podcast sponsor, IBM Security
On this episode of Defense in Depth, you’ll learn:
- Moving to the cloud, like any other technology initiative, is a business decision.
- What controls are you ceding over to the cloud provider? What service level agreements (SLAs) and performance measurements do you have for the provider?
- Be realistic about what’s going to be done if a service provider violates the SLA. You’re not going to all of a sudden dump the provider. You’re going to put some types of corrections in place. Make sure you know what those are and how that can be handled, realistically.
- Understand your shared responsibility in the cloud. According to a report by FireMon on hybrid cloud use and adoption, about one-third do not fully understand the shared responsibility model of the cloud.
- Start slow. While you may need to go with multiple cloud providers to fill distribution and requirements, begin with one and learn from that experience.
- Use cloud adoption as an excuse to join forces with your privacy team to understand where data is being placed and what control you have over it.
- Cloud providers are not interchangeable like a utility. Cloud providers are chosen based on the services they offer.