ID Number: G00204001



Developing a Cloud Computing Security Strategy
21 May 2010
 
Dan Blum  

Organizations need a strategy to leverage cloud computing in a secure manner. In this guidance document, Burton Group Principal Analyst Dan Blum discusses how to align cloud computing governance with security organizations, IT groups, and business units. This document also discusses architectural considerations, cloud computing use cases, service provider assessment criteria, and cloud-enabling the organization's IT security infrastructure.





*
Unavailable for individual purchase
For information on how to gain access to this and other documents,
click here.













Contact Gartner




For information on how to gain access to this and other documents, click here.
 You or your organization may already own this document. Register now to find out. Your Gartner Membership Administrator can supply the needed License Key(s).
You will not lose your document during registration.
Sign in here:
Username:

Password:
Forgot your username
or password?







This document is not available as part of your current Gartner subscription. For pricing and availability of the full document, please contact your Gartner account representative. Your account representative can also give you more information about your current subscription and other access options that may be available to you. If you do not have a Gartner account representative, call +1 203 316 1200 for assistance.

Table of Contents

Contents
  • Summary of Findings
  • Guidance Context
    • Problem Statement
    • Guidance Applicability
    • Related Guidance
  • The Burton Group Approach
  • Guidance Framework
    • Understand Cloud Computing Security from Both Industry and Organizational Perspectives
    • Assess the Organization's Cloud Computing Security Governance
    • Facilitate Alignment on Cloud Security Strategy with Business Units and IT
    • Define the Use Cases to Drive Overall Cloud Security Architecture
      • Be Aware of Unanswered Questions
      • Cover Use Cases and Stay Flexible
    • Update Security Processes
      • Project Management and Rules of Engagement
      • Risk Management
      • Legal and Procurement
      • Vendor Management
      • Audit
      • E-Discovery
      • Incident Response
    • Develop Security Assessment and Audit Criteria
    • Cloud-Enable Security Infrastructure and Services
      • Finding the Gaps
      • Controlling, Enabling, and Monitoring Usage
    • Ensure User Awareness and Knowledge
    • Revisit Cloud Security Strategy and Governance Periodically
  • Risks and Pitfalls
    • Overprotecting or Misjudging Cloud
    • Neglecting Cloud Security
  • Conclusion
  • Notes
  • Revision History
Tables
Table 1.
CSP Responsibilities by S-P-I Stack and Security Layers
Table 2.
Technical Mechanisms to Monitor and Control CSPs
Figures
Figure 1.
Cloud Computing Security Strategy Guidance Components




© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 1405811