As we have mentioned in previous posts, when choosing to move from a hardware-based infrastructure to virtual desktop services, it’s vital to have a comprehensive plan in place before deployment, especially if your business needs to adhere to certain regulations. One issue that seems to be overlooked at the moment is compliance, which is something of a paradox, since it would seem that cloud take-up has been slow in the past due to concerns around security. The way around this is to ensure that your business has policies and controls in place before it moves to cloud-based services, and to work closely with your cloud provider so that all of this is transparent from the beginning.
This means that, to protect your company and meet the regulations relevant to it, you should know enough to confirm that your cloud provider gives you the insight into its security processes and controls that you need to ensure your data meets the required standards.
Firstly, you have to look at confidentiality, where your data is stored and how physically secure it is, the disaster recovery programs that your supplier has put in place, and the integrity and availability of the data that is being stored for your business.
Of course, this won’t apply to every business, especially smaller ones, but data protection laws and so forth still have to be adhered to, whatever the size of the organisation. Compliance is a bigger headache for larger corporations, hence the reluctance of take-up and the choice that some are making to work with hybrid solutions.
For larger organisations, and those that keep customer data such as contact and credit card details, logins, etc., the Cloud Security Alliance (CSA) has guidelines for the best practices to follow when it comes to security assurance in the cloud.
The CSA is a non-profit organisation which was specifically formed to promote the best security practices within cloud computing. It identifies the main areas that companies should consider before deployment to the cloud:
- Risk readiness assessment – this involves determining how your provider will protect your sensitive data and what the outcome would be should this data become accessible to either an outside attacker or your service provider.
- Consider and ask if your provider meets current security standards for threat assessment, monitoring and continuity.
- Can your provider pass a regulatory audit, and is it compliant with the regulations that apply to your business?
- Will you and/or auditors be able to access compliance reports generated by your provider?
With careful planning, as well as the assistance of your provider, you should be able to ensure that you meet compliance regulations before your company implements virtual desktop services.
As with anything in business, if you fail to plan, you plan to fail, so when you’re considering moving to hosted desktop services, treat it as you would your ongoing company business plan.