Skip to Main Content
Access your saved content
The benefits of cloud computing are certain. As companies move forward with their strategies to access these benefits, an effective cloud security strategy becomes essential. Accenture identifies five key principles for crafting a security strategy for the cloud.
Download the full article. [PDF, 862KB]PDF Help Learn more about Accenture's Cloud Services.
The cloud is a fast-moving target that will look very different in six months. It is clear, however, that companies are already reaping game-changing benefits by using the cloud to, for example, improve time to market or quickly scale their capacity demands up or down. And many are doing so in a controlled and secure way, either using the cloud provider’s services or supplementing those services in-house.
Indeed, the cloud represents a fresh chance for organizations to rethink their approach to information security, moving from a reactive and bottom-up approach to one that is top-down, with a security framework that is understood, set and supported by management.
Based on Accenture’s experience working with the providers and clients breaking ground in the cloud, we recommend five principles for crafting an effective cloud security strategy.
Know your appetite for data privacy and security risk. Legal and regulatory issues are amplified in a cloud setting, and can involve the handling of an incident, protecting individual data privacy or collecting evidence. As first step, it is essential to distinguish between data privacy and security.
Expect to share responsibility. It is crucial to clarify the roles of the data owner, cloud provider and systems integrator, if applicable, in delivering legally compliant solutions.
Demand transparency and accountability from cloud providers. If data owners cannot win a reasonable amount of transparency and accountability from cloud providers, they should walk away from the negotiating table.
Use the cloud to solve identity and access management issues. Companies want one view of users and applications, regardless of whether they reside on the cloud or on their own premises.
Design solutions that address the risk. In the near term, many companies will select hybrid clouds as a bridge solution waiting for the industry to mature, and data privacy and compliance features to be standardized. However, public cloud vendors have a great incentive to provide the data security and privacy controls that companies need in order to move mission-critical applications into the cloud.
There are clear benefits to highly elastic, scalable, on-demand computing power and an ecosystem of providers eager to meet the needs of large enterprises. Enterprises have to determine which data and applications make the most sense for the public cloud and which require a different solution, such as a hybrid pass-through of data into the cloud for number-crunching and then back to a private data center for storage.
As with any technological solution, companies need to understand the risks associated with multi-tenancy in the cloud, develop a risk management framework for security and data governance, and then design solutions to address the risks.
Companies considering the cloud should keep these final thoughts in mind as they move forward:
Study data privacy laws to ensure that none are violated. Think twice—at least in 2011—before putting consumer data in the cloud.
Bring the right people (privacy, IT, security, corporate governance, legal) to the table when cloud decisions are being made.
Do not allow any ad-hoc cloud computing. Require business units to follow standardized enterprise-wide rules.
Read a cloud provider’s terms of service, and then read them again.
Accenture is also working with cloud providers to help them understand the regulatory environment affecting their potential client base. These efforts are bearing fruit, and more cloud providers are now providing the transparency and controls demanded by data owners.
Learn how Accenture is helping organizations solve cloud security challenges.
July 20, 2011
Skip Footer Links