I have been working through a case study of migrating a data-center based solution to a cloud environment. In this case study, the services being used from the cloud service provider (CSP) is the infrastructure (IaaS).
When using IaaS, the CSP owns the primary responsibility of the physical security of the servers and data vulnerability of the network. But security responsibility of everything hosted on these servers and network goes to the cloud user, in my case the company 'A'.
From a project management perspective choosing the cloud service provider, and working on the migration project should be done in structured way.
1. The management team should understand the impact of different cloud based functionalities in security. This task should be part of the Evalute-Direct-Monitor (EDM) phase or Governance phase based on COBIT's terminology. The management team also has a major role in assessing these factors in choosing the cloud vendor.
2. During the project implementation, security measures such as Web-application firewall.
Comments