Tiêu đề cloud-security-checklist.pdf ✅

Cloud Security checklist Are you really ready for Cloud
Introduction Once you have assessed the benefits of migrating a business system or its function to the Cloud (See our White Book of Cloud Adoption), the next step is to consider the security and risk management implications of doing so. As with traditional outsourcing projects, organisations need to assess not only their own capabilities, but also those of any proposed cloud service provider. If you approach cloud in the right way, with appropriate checks and balances to ensure all necessary risk management measures are covered, security is not a barrier to adoption. This checklist enables you to make this assessment in two stages: 1 Determine how prepared the security team is for the move; 2 The readiness of the rest of the organisation by business area and any proposed provider’s assurance of Cloud security. The following provides a high-level guide to the areas organisations need to consider. Once ALL the boxes have been ticked, you can be sure you are operating in a secure Cloud context. Cloud Security Checklist
1 Is the security team ready for the Cloud? 1 Is the security team aware of / knowledgeable about cloud? Security team 4 Does the team’s structure enable cloud security? Security team Security team 2 Does the organisation have a cloud security strategy with which its auditors would be happy Security team 5 Has the security team updated all security policies and procedures to incorporate cloud? Security team 3 Has security governance been adapted to include cloud? Security team 6 Has the security team provided guidance to the business on how to remain secure within a cloud environment? Cloud Security Checklist
1 Is everyone aware of his or her cloud security responsibilities? Organisation Provider 5 Is there a mechanism for managing cloud-related risks? Organisation Provider 9 Does the compliance function understand the specific regulatory issues pertaining to the organisation’s adoption of cloud services? Organisation Provider Organisation Provider 2 Is there a mechanism for assessing the security of a cloud service? Organisation Provider 3 Does the business governance mitigate the security risks that can result from cloud-based “shadow IT”? Organisation Provider 4 Does the organisation know within which jurisdictions its data can reside? Organisation Provider 6 Does the organisation understand the data architecture needed to operate with appropriate security at all levels? Organisation Provider 7 Can the organisation be confident of end-to-end service continuity across several cloud service providers? Organisation Provider 8 Can the provider comply with all relevant industry standards (e.g. the UK’s Data Protection Act)? 2 Is your organisation /service provider ready? Effective Cloud security considerations for the Organisation / Service provider spans three key areas: • Management • Operation • Technology Management Cloud Security Checklist