Help Developing a Cloud Strategy Document

The difference between a Cloud Strategy and Cloud Implementation Plan

Most organizations put together a cloud implementation plan when moving to the cloud. Fewer organizations put together a cloud strategy document. A cloud strategy answers the “what” and “why” questions, while a cloud implementation plan answers the “how” questions. Even if you have already moved to the cloud, developing a cloud strategy is still essential to maximize the benefits of the cloud. 

What should my Cloud Strategy document contain?

The main topic areas should include:

Executive Summary – summary of drivers, challenges, and significant steps. This section outlines the “why” you are moving to the cloud, including expectations. If you are already in the cloud, are you getting the expected benefits? It also includes your cloud council members and roles.

Baselines – include your cloud computing baseline definitions and business baseline. For the business baseline, summarize the top-level business strategy, desired business outcomes, and business transformation initiatives, including potential benefits and risks.

Brainstorming – focus on services strategy such as when to consume, when to build, and how to secure, manage and govern hybrid environments. In addition, review the financial aspects of the cloud, including pricing, chargebacks, payment models, and evaluating Capex vs. Opex. Exploring and documenting all of these areas ensures understanding of all options. It also helps re-evaluate these areas if already in the cloud to ensure you get the most value.

Principles – determine your organization’s core strategy such as cloud-first, buy before build (using SaaS), multi-cloud environments, or hybrid cloud options. These may change over time depending upon your business goals.

Inventory – an assessment of where you are today workload by workload to determine performance characteristics. For example, if you have a typical enterprise application that is already virtualized and running efficiently in your data center, doesn’t vary much, and doesn’t have peak workloads, there may be no benefit in moving it to the cloud. 

Alignment – covers security, governance, and compliance. State your security principles, including governance (who is responsible) and industry compliance needs. Make sure your cloud provider can meet those expectations. 

Exit strategy – this may be the most critical part of the strategy. Develop your acceptable T&C’s and SLAs to compare against proposed cloud providers. Review your cloud contact to determine data ownership, backup and portability if you decide to exit. Sometimes the most challenging part about leaving your cloud provider is not terminating the contract but unraveling the technology.   

Like any other document, your cloud strategy should be regularly reviewed and updated.

How do I get started?

Dewpoint is here to help you. We have infrastructure and operations professionals available to assist you in either developing a cloud strategy, performing an independent review of your current plan, or ensuring you are getting the most value out of your cloud provider. Contact us today for answers to all of your cloud questions.

Is Your Cloud Secure?

Ensuring Your Cloud Data is Secure

Most companies have already moved or are in the process of moving to the cloud. Many pursue a hybrid or multi-cloud strategy to integrate multiple services, ensure scalability, and improve business continuity. Although the cloud has the potential to be more secure than traditional on-premises solutions, you won’t necessarily realize greater security from the cloud without modifying your business practices.

Cloud Security Pitfalls

The cloud has become commonplace, but cloud security continues to be a severe concern for cybersecurity professionals. Common cloud security threats include the following:

  • Misconfiguration of the cloud platform – Occurs when a cloud-related system, tool, or asset is not configured correctly, thus endangering the system and exposing it to a potential attack or data leak. A recent configuration error exposed 13 million internal records traced back to Fox News, including personally identifiable information on employees.
  • Insecure interfaces/APIs – One of the most challenging things about the cloud is that there are many possible entry points for attacks. Although the service attack area may be smaller, it’s much more fragmented. You need to consider how APIs impact the more extensive system. Intruders look for less-secure APIs to hijack data.
  • Unauthorized access – Limiting employee access on an as-required basis is critical. No one in your organization should have more access than needed to complete their job-related responsibilities. According to research from Intel, insider threats are responsible for an incredible 43% of all breaches – half intentional and half accidental.
  • Exfiltration of sensitive data – Cloud services can introduce new categories of data exfiltration, including employees, users, or administrators using features of the cloud provider suite in insecure ways. This activity presents a data exfiltration potential from any actor who can requisition or modify virtual machines, deploy code, or make requests to cloud storage or computation services. Securing and authorizing the behavior of services running in the cloud is essential to providing data security. 

Develop a Secure Cloud Strategy

There are challenges present in the policies and technologies for security and control of the cloud. In most cases, the user fails to manage the controls used to protect an organization’s data, not the cloud provider. Developing a well-designed risk management strategy aligned with the overarching cloud strategy can help your organization determine where public cloud use makes sense and actions to reduce risk exposure. Dewpoint can help you develop and implement a risk management strategy or review your current strategy and controls to ensure your cloud data is secure. Contact us today to help strengthen your controls and prevent a security breach.