One debate is about the security of the Cloud and the Cloud provider. Once you decide to go there, the next question is about how to get it done.
There are a few key and basic concepts to be followed. First and foremost you need to understand, which responsibilities you are moving with the workload and which responsibilities stills stay with you. This is absolutely fundamental and will differ by the workload you move. We often use the following picture when we talk about this:
The diagram shows it well on a high level. There are a few additional themes you need to look at: E.g. how do you monitor such an environment? How do you do incident response etc.? These are often joint efforts between you and the provider to be driven.
Once you decided on these lines, probably the toughest problem comes: You might want not want to start with data classified as “Highly Confidential” – you might want to learn with less critical data. This is often a huge challenge for most companies as they simply grew organically over time and are challenged with understanding which data is where.
And then you need to move. You need to investigate the detailed settings of the platform etc. We just published good information on this challenge together with the Center for Internet Security‘s (CIS). All this relevant information can be found here: Best practices for securely moving workloads to Microsoft Azure
If you need more information on the first point and the transfer of responsibility, you require transparency by the cloud provider. In our case, we combined everything the Trust Center. The trust center gives you the best possible insight into how we run our platforms. Linked to it is the Compliance Manager, which helps you to understand the line above and gives you access to our controls framework and the audits reports connected with it. Pretty cool stuff!!
- Microsoft’s latest acquisition is a gaming startup that will help beef up Microsoft’s Azure cloud service (MSFT) (businessinsider.com)