Cloud security requires a second opinion

A blog post by David Linthicum, managing director, chief cloud strategy officer, Deloitte Consulting LLP

Cloud security is like any other type of security. The higher the degree of effort you put into the planning and technology selection, the better your security will be. This holds true for any platform, including cloud computing.

That’s why it’s a good idea to get a second opinion when it’s time to firm up security, planning, architecture, and technology selection. A second opinion should confirm the following:

• Compliance to all rules and regulations. This becomes an important matter. You can have the most brilliant people work on a cloud security solution but miss the boat on compliance. This can result in fines and loss of creditability that are worse than any breach that may occur. That’s why you need a second option from a subject matter expert (SME) to make certain the correct rules and regulations are applied, and work together to ensure that the resulting solution addresses this important issue.
• Optimal security technology. What’s the difference between security solutions that seem to do the same things? Although both can be optimized for your security requirements it can still be the wrong solution. Technology selection and configuration becomes a matter of what’s optimal vs. what works. In other words, we might miss the potential of having technology that’s very close to being 100 percent efficient versus other solutions that are not. Both solutions work, but one works better.
• Audit procedures and planning. Security is ongoing. You need to invite people into your company to check on your security now, and at increments in the future. The idea is that you can spot issues before the hackers do and proactively correct them. Moreover, you need the ability to build processes that can be more proactive when faced with potential threats. This means that you’re getting a second opinion on a regular basis, and you make it part of your security processes. These audits need to be deep and meaningful, so you get real value out of them.

So, are you prepared to get a second opinion around your cloud security? If security excellence is in your future, a second opinion is a core requirement.