Basic Security Considerations for Cloud
- Knowledge of the computer hardware and physical IT infrastructure are important elements of information security.
- One must understand where the information physically reside on network before information can be secured.
- Ultimately security is about people –not technology.
- The information security department should help its organization understand that security is everyone’s job.
- Periodic independent reviews of the organization’s information’s security posture should be made.
- The modern enterprise has evolved into a giant producer and consumer data. Despite the large volume of controls and efforts to protect these data types, very few organizations are able to map exactly where their sensitive data is located and what security controls are deployed to guard it.
- In order for organization to adequately mitigate against these risk, they should first “DISCOVER” data types in order to understand and map where data resides, along with the type of content of data.
- Structured data types are centrally managed allow for better control of enterprise data. Where data is dispersed, this can increase the risk and potential vulnerabilities associated with storage and management.
- Proper data classification is essential in order to build effective data controls, thus enabling compliance with relevant law, regulations, and standards.