Identify the Components of Your Cloud Security Architecture | Info-Tech Research Group

Do not fill in this field

Enter no text in this field

Get Instant Access
to This Blueprint

Business Email

Full Name

Company

Phone

Job Title

Leveraging the cloud introduces IT professionals to a new world that they are tasked with securing. Consumers do not know what security services they need and when to implement them.
With many cloud vendors proposing to share the security responsibility, it can be a challenge for organizations to develop a clear understanding of how they can best secure their data off premises.

Our Advice

Critical Insight

Your cloud security architecture needs to be strategic, realistic, and based on risk. The NIST approach to cloud security is to include everything security into your cloud architecture to be deemed secure. However, you can still have a robust and secure cloud architecture by using a risk-based approach to identify the necessary controls and mitigating services for your environment.
The cloud is not the right choice for everyone. You’re not as unique as you think. Start with a reference model that is based on your risks and business attributes and optimize it from there.
Your responsibility doesn’t end at the vendor. Even if you outsource your security services to your vendors, you will still have security responsibilities to address.
Don’t boil the ocean; do what is realistic for your enterprise. Your cloud security architecture should be based on securing your most critical assets. Use our reference model to determine a launch point.
A successful strategy is holistic. Controlling for cloud risks comes from knowing what the risks are. Consider the full spectrum of security, including both processes and technologies.

Impact and Result

The business is adopting a cloud environment and it must be secured, which includes:

Ensuring business data cannot be leaked or stolen.
Maintaining the privacy of data and other information.
Securing the network connection points.
Knowing the risks associated with the cloud and mitigating those risks with the appropriate services.

This blueprint and associated tools are scalable for all types of organizations within various industry sectors. It allows them to know what types of risk they are facing and what security services are strongly recommended to mitigate those risks.

Identify the Components of Your Cloud Security Architecture Research & Tools

Start Here – read the Executive Brief

Read our concise Executive Brief to find out why you should create a cloud security architecture with security at the forefront, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Identify the Components of Your Cloud Security Architecture – Executive Brief

1. Cloud security alignment analysis

Explore how the cloud changes and whether your enterprise is ready for the shift to the cloud.

2. Business-critical workload analysis

Analyze the workloads that will migrated to the cloud. Consider the various domains of security in the cloud, considering the cloud’s unique risks and challenges as they pertain to your workloads.

3. Cloud security architecture mapping

Map your risks to services in a reference model from which to build a robust launch point for your architecture.

4. Cloud security strategy planning

Map your risks to services in a reference architecture to build a robust roadmap from.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

10.0/10

Overall Impact

$12,999

Average $ Saved

20

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Pegasus Logistics Group, Inc.

Guided Implementation

10/10

$12,999

20

Knowledge of the analyst. Willingness and ability to come up with specific solutions applicable to our business and needs.

Workshop: Identify the Components of Your Cloud Security Architecture

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Cloud Security Alignment Analysis

The Purpose

Understand your suitability and associated risks with your workloads as they are deployed into the cloud.

Key Benefits Achieved

An understanding of the organization’s readiness and optimal service level for cloud security.

Activities

Outputs

1.1

Workload Deployment Plan

Workload deployment plan

1.2

Cloud Suitability Questionnaire

Determined the suitability of the cloud for your workloads

1.3

Cloud Risk Assessment

Risk assessment of the associated workloads

1.4

Cloud Suitability Analysis

Overview of cloud suitability

Module 2: Business-Critical Workload Analysis

The Purpose

Explore your business-critical workloads and the associated controls and mitigating services to secure them.

Key Benefits Achieved

Address NIST 800-53 security controls and the appropriate security services that can mitigate the risks appropriately.

Activities

Outputs

2.1

“A” Environment Analysis

NIST 800-53 control mappings and relevancy

2.2

“B” Environment Analysis

NIST 800-53 control mappings and relevancy

2.3

“C” Environment Analysis

NIST 800-53 control mappings and relevancy

2.4

Prioritized Security Controls

Prioritized security controls based on risk and environmental makeup
Mitigating security services for controls

2.5

Effort and Risk Dashboard Overview

Effort and Risk Dashboard

Module 3: Cloud Security Architecture Mapping

The Purpose

Identify security services to mitigate challenges posed by the cloud in various areas of security.

Key Benefits Achieved

Comprehensive list of security services, and their applicability to your network environment. Documentation of your “current” state of cloud security.

Activities

Outputs

3.1

Cloud Security Control Mapping

1. Cloud Security Architecture Archive Document to codify and document each of the associated controls and their risk levels to security services

3.2

Cloud Security Architecture Reference Model Mapping

2. Mapping of the codified controls onto Info-Tech’s Cloud Security Architecture Reference Model for clear security prioritization

Module 4: Cloud Security Strategy Planning

The Purpose

Prepare a communication deck for executive stakeholders to socialize them to the state of your cloud security initiatives and where you still have to go.

Key Benefits Achieved

A roadmap for improving security in the cloud.

Activities

Outputs

4.1

Cloud Security Strategy Considerations

Consider the additional security considerations of the cloud for preparation in the communication deck.

4.2

Cloud Security Architecture Communication Deck

Codify all your results into an easily communicable communication deck with a clear pathway for progression and implementation of security services to mitigate cloud risks.

Identify the Components of Your Cloud Security Architecture visualization

Security in the cloud requires solutions, not speculation.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Table of Contents

Need Extra Help?
Speak With An Analyst

Get the help you need in this 4-phase advisory process. You'll receive 12 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Cloud security alignment analysis

Call 1: Scope requirements, objectives, and your specific challenges

Guided Implementation 2: Business-critical workload analysis

Call 1: Workload deployment and Cloud Suitability Questionnaire
Call 2: Cloud Risk Assessment and Cloud Suitability Results

Guided Implementation 3: Cloud security architecture mapping

Call 1: “A” Cloud Environment Analysis
Call 2: “B” Cloud Environment Analysis
Call 3: “C” Cloud Environment Analysis
Call 4: Prioritized Security Components & Results Dashboard
Call 5: Cloud Security Architecture Mappings
Call 6: Continue Cloud Security Architecture Mappings

Guided Implementation 4: Cloud security strategy planning

Call 1: Cloud Security Strategy Considerations
Call 2: Cloud Security Architecture Communication Deck
Call 3: Summarize results and plan next steps

Authors

Isaac Kinsella

Shastri Sooknanan

Contributors

Arghya Basu, Cognitive & Information Architect, Amgen
Nenad Begovic, Director of Cloud Infrastructure, Equitable Bank
Don Davidson, Security Architect, Canada Life
Susanne Tedrick, IBM Technical Specialist, IBM Cloud Platform, IBM
Kantcho Manahov, Senior Cloud Cyber Security Manager, KPMG
Yvon Day, Asset Management Consultant, BDC
Christopher Odediran, Head of IT Asset Management, Mott Macdonald
Luz Cervantes, IT Asset Manager, Northgate Markets
Tammy Krauthammer, VP of Technology, LPL Financial

Search Code: 96555
Last Revised: March 12, 2021

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019