Help IT Sleep Better At Night: 7 Steps To A Safer Cloud

Lindsey LaManna

Help IT Sleep Better At Night: 7 Steps To A Safer Cloud, Cloud SecurityCloud Security

While the benefits of cloud such as, improving data access, freeing up internal IT resources for more strategic tasks, cutting costs, and increasing flexibility, versatility, efficiency and economies of scale, are compelling – the risks make many businesses stray away from cloud computing.  Perhaps the biggest concern with the cloud is the security of cloud infrastructure.

Well naysayers, no need to fear, a reliable cloud security plan is here!

NaviSite developed a tested and manageable process and checklist on how to develop a successful cloud computing security plan.  This plan is outlined in the whitepaper 7 Steps to Developing a Cloud Security Plan (registration required).

According to Navisite, “In many cases the cloud provider can achieve better security results in a virtualized environment than enterprises can achieve internally.”  However, even if you choose a cloud service provider with strong security capabilities, it’s important to take an active role in securing your data.  Working together with the cloud provider is the best way to ensure the enterprise resources are protected and the cloud is being securely leveraged.

So without further ado, here are 7 steps to a safer cloud:

1.      Understand there is no one-size fits all security plan

The first step is gaining a basic understanding of your business goals and the technologies, processes and people available within your organization that can be used to enable the security plan.  The best cloud security plans are based on the company’s business objectives and long-term strategies and are built in collaboration with all departments and stakeholders, not just at the executive level.

2.      Don’t be naïve – you’re not invincible

Every organization is at risk for data breaches, regardless of where their data is hosted. Therefore, it is essential to develop and carefully maintain a superior risk management program. This program should be “developed centrally and viewed holistically.”  In effect, it will help reduce overall risks, as well as provide “an aggregated view of the risk the company is willing to accept.”

3.      Define the results you want to achieve

After you’ve gained an in-depth understanding of your business goals and have a risk management program in place to support those goals, you should next determine measurable results that you would like to achieve. Include the goals with measurable results (i.e. five less reported security incidents) in your cloud security plan and make sure your cloud provider is aware of and understands them.

4.      Gain support and acceptance from the masses

I say masses because it not only important to gain the support of executives, but the entire company workforce must be involved.  The security strategy must be reasonable to implement and not conflict with existing policies or consume too much time.  It also helps to establish “levels of security that are centrally managed and conveniently implemented across the company.”

5.       Set guidelines to ensure compliance

To ensure that the entire organization fully understands the security program and is driving toward a common goal, establish reasonable and realistic policies, procedures and standards for cloud security.  The best way to do this, Navisite claims, is to use best practices to get started.  You can always edit afterwards.

6.      Check your work

Review your security plan often for areas that can be improved and monitor and report results of the program.  You should also audit compliance to the policies and procedures you defined in the previous step. It helps to have a third-party audit compliance to prevent bias.

7.      Improve, Improve, Improve

Once you’ve developed a cloud security plan that works best for your organization, you’re work is not over.  You’re company will change and so should your security program.  You should, at least, annually revisit your security plan with senior executives and your cloud provider and make any necessary changes.  Strive toward continuous improvement and share your successes with the organization as well.

So now that you’ve been armed with these seven tangible steps to crafting a successful cloud security plan, you have a lot less to worry about the cloud.  If you invest the time to develop a security strategy like this and select a reliable cloud provider, you can enjoy the vast benefits of cloud computing without having to sacrifice the security of your data.

To learn more about the benefits and risks of cloud computing, check out these great articles:

8 Things To Consider Before Committing To The Cloud

Top 9 Challenges in Cloud Computing

Six Cloud Benefits That Are Helping Businesses Innovate


Image credit


About Lindsey LaManna

Lindsey LaManna is Social and Reporting Manager for the Digitalist Magazine by SAP Global Marketing. Follow @LindseyLaManna on Twitter, on LinkedIn or Google+.



Recommended for you:

13 Scary Statistics On Employee Engagement [INFOGRAPHIC]

Jacob Shriar

There is a serious problem with the way we work.

Most employees are disengaged and not passionate about the work they do. This is costing companies a ton of money in lost productivity, absenteeism, and turnover. It’s also harmful to employees, because they’re more stressed out than ever.

The thing that bothers me the most about it, is that it’s all so easy to fix. I can’t figure out why managers aren’t more proactive about this. Besides the human element of caring for our employees, it’s costing them money, so they should care more about fixing it. Something as simple as saying thank you to your employees can have a huge effect on their engagement, not to mention it’s good for your level of happiness.

The infographic that we put together has some pretty shocking statistics in it, but there are a few common themes. Employees feel overworked, overwhelmed, and they don’t like what they do. Companies are noticing it, with 75% of them saying they can’t attract the right talent, and 83% of them feeling that their employer brand isn’t compelling. Companies that want to fix this need to be smart, and patient. This doesn’t happen overnight, but like I mentioned, it’s easy to do. Being patient might be the hardest thing for companies, and I understand how frustrating it can be not to see results right away, but it’s important that you invest in this, because the ROI of employee engagement is huge.

Here are 4 simple (and free) things you can do to get that passion back into employees. These are all based on research from Deloitte.

1.  Encourage side projects

Employees feel overworked and underappreciated, so as leaders, we need to stop overloading them to the point where they can’t handle the workload. Let them explore their own passions and interests, and work on side projects. Ideally, they wouldn’t have to be related to the company, but if you’re worried about them wasting time, you can set that boundary that it has to be related to the company. What this does, is give them autonomy, and let them improve on their skills (mastery), two of the biggest motivators for work.

Employees feel overworked and underappreciated, so as leaders, we need to stop overloading them to the point where they can’t handle the workload.

2.  Encourage workers to engage with customers

At Wistia, a video hosting company, they make everyone in the company do customer support during their onboarding, and they often rotate people into customer support. When I asked Chris, their CEO, why they do this, he mentioned to me that it’s so every single person in the company understands how their customers are using their product. What pains they’re having, what they like about it, it gets everyone on the same page. It keeps all employees in the loop, and can really motivate you to work when you’re talking directly with customers.

3.  Encourage workers to work cross-functionally

Both Apple and Google have created common areas in their offices, specifically and strategically located, so that different workers that don’t normally interact with each other can have a chance to chat.

This isn’t a coincidence. It’s meant for that collaborative learning, and building those relationships with your colleagues.

4.  Encourage networking in their industry

This is similar to number 2 on the list, but it’s important for employees to grow and learn more about what they do. It helps them build that passion for their industry. It’s important to go to networking events, and encourage your employees to participate in these things. Websites like Eventbrite or Meetup have lots of great resources, and most of the events on there are free.

13 Disturbing Facts About Employee Engagement [Infographic]

What do you do to increase employee engagement? Let me know your thoughts in the comments!

Did you like today’s post? If so you’ll love our frequent newsletter! Sign up here and receive The Switch and Shift Change Playbook, by Shawn Murphy, as our thanks to you!

This infographic was crafted with love by Officevibe, the employee survey tool that helps companies improve their corporate wellness, and have a better organizational culture.


Recommended for you:

Supply Chain Fraud: The Threat from Within

Lindsey LaManna

Supply chain fraud – whether perpetrated by suppliers, subcontractors, employees, or some combination of those – can take many forms. Among the most common are:

  • Falsified labor
  • Inflated bills or expense accounts
  • Bribery and corruption
  • Phantom vendor accounts or invoices
  • Bid rigging
  • Grey markets (counterfeit or knockoff products)
  • Failure to meet specifications (resulting in substandard or dangerous goods)
  • Unauthorized disbursements

LSAP_Smart Supply Chains_graphics_briefook inside

Perhaps the most damaging sources of supply chain fraud are internal, especially collusion between an employee and a supplier. Such partnerships help fraudsters evade independent checks and other controls, enabling them to steal larger amounts. The median loss from fraud committed
by a single thief was US$80,000, according to the Association of Certified Fraud Examiners (ACFE).

Costs increase along with the number of perpetrators involved. Fraud involving two thieves had a median loss of US$200,000; fraud involving three people had a median loss of US$355,000; and fraud with four or more had a median loss of more than US$500,000, according to ACFE.

Build a culture to fight fraud

The most effective method to fight internal supply chain theft is to create a culture dedicated to fighting it. Here are a few ways to do it:

  • Make sure the board and C-level executives understand the critical nature of the supply chain and the risk of fraud throughout the procurement lifecycle.
  • Market the organization’s supply chain policies internally and among contractors.
  • Institute policies that prohibit conflicts of interest, and cross-check employee and supplier data to uncover potential conflicts.
  • Define the rules for accepting gifts from suppliers and insist that all gifts be documented.
  • Require two employees to sign off on any proposed changes to suppliers.
  • Watch for staff defections to suppliers, and pay close attention to any supplier that has recently poached an employee.

About Lindsey LaManna

Lindsey LaManna is Social and Reporting Manager for the Digitalist Magazine by SAP Global Marketing. Follow @LindseyLaManna on Twitter, on LinkedIn or Google+.


Recommended for you:

Innovation Without Boundaries: Why The Cloud Matters

Michael Haws

Is it possible to innovate without boundaries?

Of course – if you are using the cloud. An actual cloud doesn’t have any boundaries. It’s fluid. But more important, it can provide the much-needed precipitation that brings nature to life. So it is with cloud technology – but it’s your ideas that can grow and transform your business.USA --- Clouds, Heaven --- Image by © Ocean/Corbis

Running your business in the cloud is no longer just a consideration during a typical use-case exercise. Business executives are now faced with making decisions on solutions that go beyond previous limitations with cloud computing. Selecting the latest tools to address a business process gap is now less about features and more about functionality.

It doesn’t matter whether your organization is experienced with cloud solutions or new to the concept. Cloud technology is quickly becoming a core part of addressing the needs of a growing business.

5 considerations when planning your journey to the cloud

How can your organization define its successful path to the cloud? Here are five things you should consider when investigating whether a move to the cloud is right for you.

1. Understanding the cloud is great, but putting it into action is another thing.

For most CIOs, putting a cloud strategy on paper is new territory. Cloud computing is taking on new realms: Pure managed services to software-as-a-service (SaaS). Just as legacy computing had different flavors, so does cloud technology.

2. There is more than one way to innovate in the cloud.

Alignment with an open cloud reference architecture can help your CIO deliver on the promises of the cloud while using a stair-step approach to cloud adoption – from on-premise to hybrid to full cloud computing. Some companies find their own path by constantly reevaluating their needs and shifting their focus when necessary – making the move from running a data center to delivering real value to stakeholders, for example.

3. The cloud can help accelerate processes and lower cost.

By recognizing unprecedented growth, your organization can embark on a path to significant transformation that powers greater agility and competitiveness. Choose a solution set that best meets your needs, and implement and support it moving forward. By leveraging the cloud to support the chosen solution, ongoing maintenance, training, and system issues becomes the cloud provider’s responsibility. And for you, this offers the freedom to focus on the core business.

4. You can lock down your infrastructure and ensure more efficient processes.

Do you use a traditional reporting engine against a large relational database to generate a sequential batched report to close your books at quarter’s end? If so, you’re not alone. Sure, a new solution with new technology may be an obvious improvement. But how valuable to your board will you become when you reduce the financial closing process by 1–3 days? That’s the beauty of the cloud: You can accelerate the deployment of your chosen solution and realize ROI quickly – even before the next full reporting period.

5. The cloud opens the door to new opportunity in a secure environment.

For many companies, moving to the cloud may seem impossible due to the time and effort needed to train workers and hire resources with the right skill sets. Plus, if you are a startup in a rural location, it may not be as easy to attract the right talent as it is for your Silicon Valley counterparts. The cloud allows your business to secure your infrastructure as well as recruit and onboard those hard-to-find resources by applying a managed services contract to run your cloud model

The cloud means many things to different people. What’s your path?

With SAP HANA Enterprise Cloud service, you can navigate the best path to building, running, and operating your own cloud when running critical business processes. Find out how SAP HANA Enterprise Cloud can deliver the speed and resources necessary to quickly validate and realize solid ROI.

Check out the video below or visit us at

Connect with us on Twitter: @SAPServices



Recommended for you:

Ambient Intelligence: What's Next for The Internet of Things?

Dan Wellers

Imagine that your home security system lets you know when your kids get home from school. As they’re grabbing an afternoon snack, your kitchen takes inventory and sends a shopping list to your local supermarket. There, robots prepare the goods and pack them for home delivery into an autonomous vehicle – or a drone. Meanwhile, your smart watch, connected to a system that senses and analyzes real-time health indicators, alerts you to a suggested dinner menu it just created based on your family’s nutritional needs and ingredients available in your pantry. If you signal your approval, it offers to warm the oven before you get home from work.

This scenario isn’t as futuristic as you might think. In fact, what Gartner calls “the device mesh” is the logical evolution of the Internet of Things. All around us and always on, it will be both ubiquitous and subtle — ambient intelligence.

We’ll do truly different things, instead of just doing things differently. Today’s processes and problems are only a small subset of the many, many scenarios possible when practically everything is instrumented, interconnected, and intelligent.

We’re also going to need to come up with new ways of interacting with the technology and the infrastructure that supports it. Instead of typing on a keyboard or swiping a touchscreen, we’ll be surrounded by various interfaces that capture input automatically, almost incidentally. It will be a fundamental paradigm shift in the way we think of “computing,” and possibly whether we think about computing at all.

The Internet of not-things

The foundation will be a digital infrastructure that responds to its surroundings and the people in it, whether that means ubiquitous communications, ubiquitous entertainment, or ubiquitous opportunities for commerce. This infrastructure will be so seamless that rather than interacting with discrete objects, people will simply interact with their environment through deliberate voice and gesture — or cues like respiration and body temperature that will trigger the environment to respond.

Once such an infrastructure is in place, the possibilities for innovation explode. The power of Moore’s Law is now amplified by Metcalfe’s Law, which says that a network’s value is equal to the square of the number of participants in it. All these Internet-connected “things” — the sensors, devices, actuators, drones, vehicles, products, etc.  — will be able to react automatically, seeing, analyzing, and combining to create value in as yet unimaginable ways.  The individual “things” themselves will meld into a background of ambient connectedness and responsiveness.

The path is clearly marked

Think of the trends we’ve seen emerge in recent years:

  • Sensors and actuators, including implantables and wearables, that let us capture more data and impressions from more objects in more places, and that affect the environment around them.
  • Ubiquitous computing and hyperconnectivity, which exponentially increase the flow of data between people and devices and among devices themselves.
  • Nanotechnology and nanomaterials, which let us build ever more complex devices at microscopic scale.
  • Artificial intelligence, in which algorithms become increasingly capable of making decisions based on past performance and desired results.
  • Vision as an interface to participate in and control augmented and virtual reality
  • Blockchain technology, which makes all kinds of digital transactions secure, verifiable, and potentially automatic.

As these emerging technologies become more powerful and sophisticated, they will increasingly overlap. For example, the distinctions between drones, autonomous vehicles, and robotics are already blurring. This convergence, which multiplies the strengths of each technology, makes ambient intelligence not just desirable but inevitable.

Early signposts on the way

We’re edging into the territory of ambient intelligence today. Increasingly complex sensors, systems architectures, and software can gather, store, manage, and analyze vastly more data in far less time with much greater sophistication.

Home automation is accelerating, allowing people to program lighting, air conditioning, audio and video, security systems, appliances, and other complex devices and then let them run more or less independently. Drones, robots, and autonomous vehicles can gather, generate, and navigate by data from locations human beings can’t or don’t access. Entire urban areas like Barcelona and Singapore are aiming to become “smart cities,” with initiatives already underway to automate the management of services like parking, trash collection, and traffic lights.

Our homes, vehicles, and communities may not be entirely self-maintaining yet, but it’s possible to set parameters within which significant systems operate more or less on their own. Eventually, these systems will become proficient enough at pattern matching that they’ll be able to learn from each other. That’s when we’ll hit the knee of the exponential growth curve.

Where are we heading?

Experts predict that, by 2022, 1 trillion networked sensors will be embedded in the world around us, with up to 45 trillion in 20 years. With this many sources of data for all manner of purposes, systems will be able to arrive at fast, accurate decisions about nearly everything. And they’ll be able to act on those things at the slightest prompting, or with little to no action on your part at all.

Ambient intelligence could transform cities through dynamic routing and signage for both drivers and pedestrians. It could manage mass transit for optimal efficiency based on real-time conditions. It could monitor environmental conditions and mitigate potential hotspots proactively, predict the need for government services and make sure those services are delivered efficiently, spot opportunities to streamline the supply chain and put them into effect automatically.

Nanotechnology in your clothing could send environmental data to your smart phone, or charge it from electricity generated as you walk. But why carry a phone when any glass surface, from your bathroom mirror to your kitchen window, could become an interactive interface for checking your calendar, answering email, watching videos, and anything else we do today on our phones and tablets? For that matter, why carry a phone when ambient connectivity will let us simply speak to each other across a distance without devices?

How to get there

In Tech Trends 2015, Deloitte Consulting outlines four capabilities required for ambient computing:

  1. Integrating information flow between varying types of devices from a wide range of global manufacturers with proprietary data and technologies
  2. Performing analytics and management of the physical objects and low-level events to detect signals and predict impact
  3. Orchestrating those signals and objects to fulfill complex events or end-to-end business processes
  4. Securing and monitoring the entire system of devices, connectivity, and information exchange

These technical challenges are daunting, but doable.

Of course, businesses and governments need to consider the ramifications of systems that can sense, reason, act, and interact for us. We need to solve the trust and security issues inherent in a future world where we’re constantly surrounded by connectivity and information. We need to consider what happens when tasks currently performed by humans can be automated into near invisibility. And we need to think about what it means to be human when ambient intelligence can satisfy our wants and needs before we express them, or before we even know that we have them.

There are incredible upsides to such a future, but there are also drawbacks. Let’s make sure we go there with our eyes wide open, and plan for the outcomes we want.

Download the Executive Brief: Enveloped by Ambient Intelligence

Ambient Intelligence thumb

To learn more about how exponential technology will affect business and life, see The Digitalist’s Digital Futures.


About Dan Wellers

Dan Wellers leads Digital Futures for SAP Marketing Strategy.

Recommended for you: