Cloud Computing Readiness Check

Safely transition to cloud-based services

Overview

Cloud computing offers several key advantages to organizations, including reduced costs, automation, hardware independence, high availability, and increased flexibility. Use of cloud technology also alters the risk landscape, impacting confidentiality, privacy, integrity, regulatory compliance, availability, and e-discovery, as well as incident response and forensics. Therefore, it is important to ensure that proper security controls are in place.

Key Benefits

  • Ease the transition to cloud-based services
    Avoid cloud computing security pitfalls. Foundstone assists your organization as you make the transition to cloud-based services. Our consultants help you ensure that the design, implementation, and operational details of your cloud solution meet your security requirements.
  • Get next step recommendations
    Our deliverables include a Comprehensive Cloud Computing Readiness Check report with summary report card, recommendations for further action, and a half-day Cloud Computing Readiness Check presentation and results review workshop. A summary letter for external use can also be provided on request.

Methodology

Foundstone’s Cloud Computing Readiness Check covers all major cloud computing architectures, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Foundstone consultants create a custom methodology that accounts for your unique requirements. The Cloud Computing Readiness Check includes the following review phases:

Architecture & Design Review
In the Architecture & Design Review phase of the assessment, Foundstone consultants examine:

  • Network topology
  • Key assets
  • Data storage and operation
  • Input and output endpoints in the system
  • Trust boundaries
  • Access controls
  • System and network isolation
  • Administrative controls for cloud vendor
  • Administrative controls for business owner

Cloud Infrastructure Security Review
Assess the logical network, applications, and services hosted by the cloud. The key steps of this phase include:

  • Network, application, and service enumeration
  • Topology mapping
  • Asset identification
  • Security controls enumeration and verification
  • Attack and penetration
  • Information retrieval
  • Pillage and cleanup

Governance, Policies & Procedures Review
The policies, procedures, and regulations followed by the cloud vendor may not be consistent with your requirements and expectations. This assessment compares the vendor’s policies and procedures against industry best practices and regulatory compliance requirements that are specific to your organization. Based on the results, policies, procedures, and service legal agreements can be developed to bridge identified gaps. The areas covered as part of this review include:

  • Legal contract and SLA review
  • E-discovery and information management
  • Information and data lifecycle management
  • Compliance and audit
  • Business continuity and disaster recovery management
  • Information integrity and confidentiality assurance
  • Operation, administration, and access management procedures
  • Incident response management and forensics

All Foundstone projects are managed using our proven Security Engagement Process (SEP). A critical aspect of this process is continual communication with your organization to ensure the success of your Foundstone consulting engagement. The duration of this engagement depends on the size and nature of your cloud computing efforts and project scope.