User:Shawndouglas/sandbox/sublevel1

From LIMSWiki

Much has been said to this point about cloud computing, the importance of security to the technology, the risks inherent to it, and how to manage those risks. We've also looked at cloud computing within the realm of the laboratory and how security, risk, and risk management fit into the laboratory's concerns. Now it's time to take that knowledge and those concerns directly to the task of choosing one or more cloud services to implement in your lab. (Appendix 1 of this guide provides a list of profiles for top public, hybrid, and multicloud providers to consider.)

Prior chapters have highlighted the fact that choosing to move towards a cloud-based approach in your organization is a process in itself, a process deserving of a plan. Just as risk management is part of an overall cybersecurity plan, choosing and implementing a cloud project is part of an overall cloud migration plan.[1] By this point, you've hopefully already:

  • stated the goals of the cloud project and received management buy-in;
  • identified the project stakeholders;
  • developed scope and responsibility documentation;
  • examined and classified your existing—and future—data for criticality, sensitivity, cleanliness, suitability, etc.;
  • identified relevant risks associated with the five risk categories as part of an overall/enterprise risk management assessment; and
  • identified computing requirements and objectives, including the need for any data cleansing and migration tools.

Of course, there's more to the cloud migration plan, including documenting and training on processes and procedures, monitoring performance and security controls, and employing corrective action, but those come after you've chosen and implemented your cloud solution(s). The following sections examine what aspects to consider as part of that process, including what an average cloud service provider (CSP) should look like, what to look for in a CSP (including their service agreements), what your organization should ask of itself, and what your organization should be asking of the CSP.

References