2. Overview
Cloud computing allows businesses to deliver
new services with agility and speed, all while
saving money. But it’s no secret that working in
the cloud can be risky.
Brought to you by
3. Key Recommendations
Follow these four tips to help protect your
cloud environment:
1. Determine what you want to put in the cloud
2. Spend wisely
3. Accept that security is about risk management
4. Make security relatable and understandable
4. TIP 1: Determine what you want to put in the cloud.
• First, discover and inventory your assets and data. Classify them by importance
to your business and risk: how much stewardship are you directly responsible
for (e.g., organizations with Electronic Protected Health Information) and what is
the risk? Only allow data into the cloud that you’re willing to risk putting into the
hands of a third party, and which may be located anywhere in the world.
• Negotiate smart contracts with the cloud vendor and provider. Determine what
you think are acceptable and mitigating controls to compensate for any
problems that occur.
5. TIP 2: Spend wisely on security.
• If you don’t have a robust security department, cloud providers may be able to
give you much better security than you can provide yourself. However, they
have no context about your data: what is business critical intellectual property
vs. your aunt’s cookie recipes.
6. TIP 3: Security isn’t an all-or-nothing proposition. Accept that security is about risk management.
• Small businesses are often better at understanding security because
the management team is closer to IT operations.
7. TIP 4: Make the concept of security relatable and understandable.
• In some instances, security can get lost in translation between
management and IT. Find someone who can speak both languages so
he/she can articulate in business language what IT security means.
• Increasingly the Chief Information Security Officer is being pulled from executive
management ranks rather than from a technical role (or the security team).
Understand that the CISO’s job is changing into the role of an interpreter,
one who can translate what IT is saying into operational language.
8. A more informed approach.
The cloud doesn’t have to be a scary place.
There are many cloud solutions that are well
managed and secure. You just need to ask
the right questions and pay close attention to the
security expertise of your cloud provider.
Learn more
Download the IBM white paper,
“Integrated IT Security for Midsized Businesses”.