A Systematic Approach To Reducing Cloud Risks

Organizations should not retrofit security policies intended for on-premises systems said Ashraf Motiwala, chief technology officer and co-founder of Identropy, an identity and access management and managed services consultancy. Motiwala, whose firm partners with Netskope to help discover unauthorized cloud applications also known as shadow-IT, has had success helping businesses identify data flow and setting and enforcing policies to control sensitive data to meet compliance mandates. The goal is to help organizations design and maintain a cloud security vision and strategy. Rather than focusing on a technology alone, the service provider's SaaS advisory services also assesses processes, data flow and policies to provide a roadmap that a business can implement over time. Motiwala described the five steps his firm generally takes to assess cloud risks.