All accenture.comCareersNewsroomInvestor RelationsOutlook journal

About Accenture Newsroom Latest Thinking Careers Contact Us

United States

AndorraEnglish
English

AngolaEnglish
English

ArgentinaSpanish
Spanish

AustraliaEnglish
English

AustriaGerman
German

BelgiumEnglish
English

BotswanaEnglish
English

BrazilPortuguese
Portuguese

CanadaEnglish|French
English
|
French

ChileSpanish
Spanish

ChinaEnglish|Chinese
English
|
Chinese

ColombiaSpanish
Spanish

Czech RepublicEnglish
English

DenmarkEnglish
English

EgyptEnglish
English

FinlandEnglish
English

FranceFrench
French

GermanyGerman
German

GreeceEnglish
English

Hong Kong SAREnglish
English

HungaryHungarian
Hungarian

IndiaEnglish
English

IndonesiaEnglish
English

IrelandEnglish
English

IsraelEnglish
English

ItalyItalian
Italian

JapanJapanese
Japanese

LatviaEnglish
English

LuxembourgEnglish
English

MalaysiaEnglish
English

MauritiusEnglish
English

MexicoSpanish
Spanish

MoroccoEnglish
English

NetherlandsEnglish
English

NigeriaEnglish
English

NorwayEnglish
English

PeruEnglish
English

PhilippinesEnglish
English

PolandEnglish|Polish
English
|
Polish

PortugalEnglish
English

RomaniaEnglish
English

RussiaRussian
Russian

Saudi ArabiaEnglish
English

SingaporeEnglish
English

Slovak RepublicEnglish
English

South AfricaEnglish
English

South KoreaEnglish
English

SpainSpanish
Spanish

SwedenEnglish
English

SwitzerlandGerman
German

TaiwanEnglish
English

ThailandEnglish
English

TurkeyEnglish
English

UAEEnglish
English

UkraineEnglish
English

United KingdomEnglish
English

United StatesEnglish
English

VenezuelaEnglish
English

VietnamEnglish
English

true

Consulting
Close
Technology
Close
Outsourcing
Close
Industries
Close

New?

Start Here

Taming the Wild West: How to Build a Strong Cloud Security Strategy

Share

Save

Saved

Access your saved content

Overview

The benefits of cloud computing are certain. As companies move forward with their strategies to access these benefits, an effective cloud security strategy becomes essential. Accenture identifies five key principles for crafting a security strategy for the cloud.

Download the full article. [PDF, 862KB]
PDF Help

Learn more about Accenture's Cloud Services.

Background

The cloud is a fast-moving target that will look very different in six months. It is clear, however, that companies are already reaping game-changing benefits by using the cloud to, for example, improve time to market or quickly scale their capacity demands up or down. And many are doing so in a controlled and secure way, either using the cloud provider’s services or supplementing those services in-house.

Indeed, the cloud represents a fresh chance for organizations to rethink their approach to information security, moving from a reactive and bottom-up approach to one that is top-down, with a security framework that is understood, set and supported by management.

Analysis

Based on Accenture’s experience working with the providers and clients breaking ground in the cloud, we recommend five principles for crafting an effective cloud security strategy.

Know your appetite for data privacy and security risk. Legal and regulatory issues are amplified in a cloud setting, and can involve the handling of an incident, protecting individual data privacy or collecting evidence. As first step, it is essential to distinguish between data privacy and security.
Expect to share responsibility. It is crucial to clarify the roles of the data owner, cloud provider and systems integrator, if applicable, in delivering legally compliant solutions.
Demand transparency and accountability from cloud providers. If data owners cannot win a reasonable amount of transparency and accountability from cloud providers, they should walk away from the negotiating table.
Use the cloud to solve identity and access management issues. Companies want one view of users and applications, regardless of whether they reside on the cloud or on their own premises.
Design solutions that address the risk. In the near term, many companies will select hybrid clouds as a bridge solution waiting for the industry to mature, and data privacy and compliance features to be standardized. However, public cloud vendors have a great incentive to provide the data security and privacy controls that companies need in order to move mission-critical applications into the cloud.

Recommendations

There are clear benefits to highly elastic, scalable, on-demand computing power and an ecosystem of providers eager to meet the needs of large enterprises. Enterprises have to determine which data and applications make the most sense for the public cloud and which require a different solution, such as a hybrid pass-through of data into the cloud for number-crunching and then back to a private data center for storage.

As with any technological solution, companies need to understand the risks associated with multi-tenancy in the cloud, develop a risk management framework for security and data governance, and then design solutions to address the risks.

Companies considering the cloud should keep these final thoughts in mind as they move forward:

Study data privacy laws to ensure that none are violated. Think twice—at least in 2011—before putting consumer data in the cloud.
Bring the right people (privacy, IT, security, corporate governance, legal) to the table when cloud decisions are being made.
Do not allow any ad-hoc cloud computing. Require business units to follow standardized enterprise-wide rules.
Read a cloud provider’s terms of service, and then read them again.

Accenture is also working with cloud providers to help them understand the regulatory environment affecting their potential client base. These efforts are bearing fruit, and more cloud providers are now providing the transparency and controls demanded by data owners.

Learn how Accenture is helping organizations solve cloud security challenges.

July 20, 2011

Get in touch

+1 312-842-5012 +1 877-889-9009

Send a Question

More contact options