CloudTweaks: 7 Steps To Developing A Cloud Security Plan

InsightaaS: Cloud Tweaks uses a combination of research and editorial bloggers (both staff and outside contributors) to inform readers about key IT topics: cloud, convergence, and green, grid and utility computing. In this post, the CloudTweaks team provides insight from a recent NaviSite whitepaper (note: registration required to read steps 2-7!)

Designing and implementing an enterprise security plan can be a daunting task for any business. To help facilitate this endeavor NaviSite has developed a manageable process and checklist that can be used by enterprise security, compliance, and IT professionals as a framework for crafting a successful cloud computing security plan. It defines seven steps–sequentially–that have been tested and refined through NaviSite’s experiences helping hundreds of companies secure enterprise resources according to best practices. This plan enables organizations to gain the economic advantages of secure and compliant managed cloud services.


It is important that any cloud security plan begins with the basic understanding of your specific business goals. Security is not a one-size-fits-all scenario and should focus on enabling:

  • TECHNOLOGIES: Authentication and authorization, managing and monitoring, and reporting and auditing technologies should be leveraged to protect, monitor, and report on access to information resources
  • PROCESSES: Methodologies should be established that define clear processes for everything from provisioning and account establishment through incident management, problem management, change control, and acceptable use policies so that processes govern access to information
  • PEOPLE: Organizations need access to the proper skill sets and expertise to develop security plans that align with business goals

Too often, organizations view internal security and compliance teams as inhibitors to advancing the goals of the business...

Read the entire post: