Matthew Hoerig
President & CEO, Trustsec Inc. President, Cloud Security Alliance Canada
Most organizations are beginning to adopt a cloud-first approach to IT operations, small and medium businesses (SMB) can reap significant benefits from moving to the cloud.
Organizations must be informed and prepared as they embark on their cloud journey. Here are some initial questions that CIO’s and IT leaders might ask as their organizations embark on the cloud journey.
How can I minimize the risk to my cloud applications and data?
Understanding what the responsibilities are between both the provider and the consumer is key. This is known as the SRM (Shared Responsibility Model). SaaS or Software-as-a-Service shifts the responsibility for hosting and securing your infrastructure to the provider, which may be the answer for most small businesses. Ultimately as the data owner, you have the final responsibility for the data itself.
What does the Cloud cost?
There are many tools, estimators and calculators made available by most Cloud Providers. It is important to know your own on-prem environment and the associated cost (CapEx&OpEx) first to contrast and compare. Providers will typically have personnel available to help guide you through the analysis. To advise caution, many organizations are unpleasantly surprised when that first bill arrives – do your homework.
How can I address security risks and benefit from areas such as compliance, cyber-insurance, and customer confidence?
Security control assessments can help your SMB prepare to adopt new cloud services. Different certifications and frameworks include SOC 2 Compliance, the NIST Cybersecurity Framework, or the Cloud Security Alliance’s Cloud Controls Matrix. Some of these are self-assessments, while others would be conducted by third parties to ensure your team is on the right track.
How can I get started?
IT leaders must work with their team to develop a feasible, effective, and sustainable cloud strategy that all other decisions will stem from. Consulting firms and providers themselves are great resources at your disposal. Operating in the cloud can present many organizational benefits and drive better economies of scale, but if the journey isn’t well thought out and executed, organizations will fail. And nobody wants that.