Step 1: Start Security Planning Early
Your security profile in the cloud is defined by what your organization needs and the workloads you plan to move to the cloud. The best way to approach cloud security is to integrate it with your overall cloud planning early in the process. That way you can use a threat-based approach to planning for deployments of your specific workload(s), the security requirements, and the specific cloud delivery model and architecture. As you embark on your own cloud initiatives, here are a few of the considerations that will affect your risk profile in the cloud. Are your physical compute resources located on-premises or off-premises? What types of assets, resources, and information will be managed? Who manages them and how? Which controls are selected, and how are they integrated into the overall cloud architecture? What compliance issues do you face?
The first step in planning security for your proposed cloud environment is to think about the fundamentals: data and platform. Use the following as a checklist for what you need to know (at least at a high level) about the specific deployment you’re planning. The idea is to understand your risk tolerance, identify the best deployment models for your specific needs based on security and compliance considerations, and detect potential exposure points for sensitive data and processes. With this information, you will be in a better position to understand what your organization really needs.
Identify the business priorities for moving the specific workload(s) to the cloud.
You can more effectively weigh security concerns once you’ve defined the business context for what you hope to achieve by moving workloads to the cloud.
What drivers make cloud technology a good option for this workload? Do you need to: o Reduce operational costs? o Scale seasonally? o Support remote or mobile workers? What harm would result if the asset was compromised?
Evaluate the sensitivity of the asset(s).
This helps you understand the importance of the data or function. You can make this evaluation as a rough assessment or follow a specific valuation process.
Intel IT Center Planning Guide | Cloud Security