Cloud computing provides a wide array of mechanisms for data to be accessed. Understanding the following questions from business requirements and technical implementation perspective will help to ensure a cloud computing environment that meets your user and information security requirements:
- How will your organization's data be utilized?
- Who will be accessing the data?
- What controls need to be in place to protect the data?
Some questions to consider related to data access include:
- How will your organization's information be utilized?
- This goes back to understanding the needs of your business/mission and performing the necessary data categorization activities
- Understanding your organization's data and its sensitivity to the organization's mission is critical to establishing an effective architecture that will meet your mission requirements
- Who will have access to the information?
- Ensure that you address all potential data access requirements from a permissions and user roles perspective
- Where are users coming from?
- Are users coming from your corporate network, partners, public Wi-Fi? Understand all your potential scenarios so that you can build strong conditional access policies.