Identify the Components of Your Cloud Security Architecture
Security in the cloud requires solutions, not speculation.
- Leveraging the cloud introduces IT professionals to a new world that they are tasked with securing. Consumers do not know what security services they need and when to implement them.
- With many cloud vendors proposing to share the security responsibility, it can be a challenge for organizations to develop a clear understanding of how they can best secure their data off premises.
Our Advice
Critical Insight
- Your cloud security architecture needs to be strategic, realistic, and based on risk. The NIST approach to cloud security is to include everything security into your cloud architecture to be deemed secure. However, you can still have a robust and secure cloud architecture by using a risk-based approach to identify the necessary controls and mitigating services for your environment.
- The cloud is not the right choice for everyone. You’re not as unique as you think. Start with a reference model that is based on your risks and business attributes and optimize it from there.
- Your responsibility doesn’t end at the vendor. Even if you outsource your security services to your vendors, you will still have security responsibilities to address.
- Don’t boil the ocean; do what is realistic for your enterprise. Your cloud security architecture should be based on securing your most critical assets. Use our reference model to determine a launch point.
- A successful strategy is holistic. Controlling for cloud risks comes from knowing what the risks are. Consider the full spectrum of security, including both processes and technologies.
Impact and Result
- The business is adopting a cloud environment and it must be secured, which includes:
- Ensuring business data cannot be leaked or stolen.
- Maintaining the privacy of data and other information.
- Securing the network connection points.
- Knowing the risks associated with the cloud and mitigating those risks with the appropriate services.
- This blueprint and associated tools are scalable for all types of organizations within various industry sectors. It allows them to know what types of risk they are facing and what security services are strongly recommended to mitigate those risks.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
10.0/10
Overall Impact
$13,700
Average $ Saved
20
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Pegasus Logistics Group, Inc.
Guided Implementation
10/10
$13,700
20
Knowledge of the analyst. Willingness and ability to come up with specific solutions applicable to our business and needs.
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 4-phase advisory process. You'll receive 12 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Cloud security alignment analysis
- Call 1: Scope requirements, objectives, and your specific challenges
Guided Implementation 2: Business-critical workload analysis
- Call 1: Workload deployment and Cloud Suitability Questionnaire
- Call 2: Cloud Risk Assessment and Cloud Suitability Results
Guided Implementation 3: Cloud security architecture mapping
- Call 1: “A” Cloud Environment Analysis
- Call 2: “B” Cloud Environment Analysis
- Call 3: “C” Cloud Environment Analysis
- Call 4: Prioritized Security Components & Results Dashboard
- Call 5: Cloud Security Architecture Mappings
- Call 6: Continue Cloud Security Architecture Mappings
Guided Implementation 4: Cloud security strategy planning
- Call 1: Cloud Security Strategy Considerations
- Call 2: Cloud Security Architecture Communication Deck
- Call 3: Summarize results and plan next steps
Contributors
- Arghya Basu, Cognitive & Information Architect, Amgen
- Nenad Begovic, Director of Cloud Infrastructure, Equitable Bank
- Don Davidson, Security Architect, Canada Life
- Susanne Tedrick, IBM Technical Specialist, IBM Cloud Platform, IBM
- Kantcho Manahov, Senior Cloud Cyber Security Manager, KPMG
- Yvon Day, Asset Management Consultant, BDC
- Christopher Odediran, Head of IT Asset Management, Mott Macdonald
- Luz Cervantes, IT Asset Manager, Northgate Markets
- Tammy Krauthammer, VP of Technology, LPL Financial
Design and Implement a Business-Aligned Security Program
Build an Information Security Strategy
Secure Operations in High-Risk Jurisdictions
Develop a Security Awareness and Training Program That Empowers End Users
Build, Optimize, and Present a Risk-Based Security Budget
Hire or Develop a World-Class CISO
Fast Track Your GDPR Compliance Efforts
Build a Cloud Security Strategy
Identify the Components of Your Cloud Security Architecture
Security Priorities 2022
2020 Security Priorities Report
Manage Third-Party Service Security Outsourcing
Select a Security Outsourcing Partner
Improve Security Governance With a Security Steering Committee
The First 100 Days as CISO
Determine Your Zero Trust Readiness
Cost-Optimize Your Security Budget
Threat Preparedness Using MITRE ATT&CK®
Build a Zero Trust Roadmap
Security Priorities 2023
Security Priorities 2024
Grow Your Own Cybersecurity Team
