Proper Cloud Management is a “must have” for Information Security

Given the steep adoption curve of ever more cloud use cases, enterprises face the challenge of losing control over many aspects of their cloud service operations, including information security. Incidentally, the entire Multi-Cloud Management Framework aims to establish appropriate controls and institutionalise an operating model that is fit for the paradigmshift brought by the cloud. The Multi-Cloud Management Framework helps organisations to become aware of, prioritise, and consistently execute their information security policies down to the use-case level. Many organisations think their fully audited ISO 27001 ISMS can do it all, but unfortunately this is not the case. This is directly related to the key challenges inherent in the migration to cloud services.

Imagine a cloud service provider reducing the standard backup interval while simultaneously improving its disaster recovery functionality. For certain use cases, this might mean that the legal data retention requirements can now only be met by upgrading or changing to a differentservice. For other use cases, it might mean that the additional disaster recovery service becomes redundant and the enterprise overspends. Either way, every affected enterprise will have to deal with the changes to achieve legal compliance and fine-tune the financial impact.

The above example illustrates the need to shift the perspective to service/use-case combinations and extend certain planning, sourcing, and transition activities into operations. This is what Cloud Management is designed to achieve.

Dr. Tobias Höllwarth
President EuroCloud Europe
Member of the FIC Advisory Board
Associate at Sourcing International