Five considerations as you contemplate migrating to the Cloud
There is no doubt that cloud computing offers many compelling opportunities for organizations seeking to achieve a more agile and efficient IT environment. Scalability, flexibility, efficient collaboration, resilience, and reduced IT costs are just a few of the benefits most companies will experience.
And to keep your cloud migration on a positive track - while avoiding potential pitfalls - here are five things to think about alongside your IT or Information Security teams and your cloud vendor:
- Take a close look at your company’s infrastructure and the way it uses IT services such as storage. Make sure these are aligned to your business requirements before trying to migrate to the cloud. This is also a good opportunity to rethink your application delivery model to ensure you are taking advantage of unique capabilities of the cloud, such as microsegmentation and containerization, rather than just simply using a “lift and shift” approach. This is important to make sure you select the right cloud services offering and model to meet your needs.
- Make sure your cloud service provider can ensure the safety, integrity, and confidentiality of your data, both while in the cloud and in transit. The provider should offer security at least at the same level, or better, than what you require for services installed locally.
- Confirm that your cloud service provider allows for appropriate access to data, and has configuration and compliance that is in line with industry best practices. You can make sure you meet regulatory requirements around encryption of data by checking with the Cloud Security Alliance, which offers advice for several regulatory frameworks.
- Verify the details of what security and service management controls your cloud services provider includes in the contract. This includes issues like orchestration, service lifecycle and performance and security monitoring services. Your provider should also be able to tell you what happens to your data if they should go out of business, experience performance issues, or suffer a security breach. And they should outline their business continuity plans in the event of natural disasters or manmade events such as cyber attacks.
- If your data is subject to special data residency requirements like GDPR, make sure your provider can accommodate this through regional data isolation or other protection.
From Paige Adams, Chief Information Security Officer, Zurich Insurance Group
