3. Outsource responsibility responsibly. Use the tools that are there to protect your organization against risks -- contracts, governance frameworks, due diligence procedures, and insurance policies.
4. Put your prospective supplier under the microscope. Find out who within the supplier organization will have access to your data; ask for audit logs, details of compliance certification, or info about a recent audit that they can share.
5. Prepare for cloud culture. The automated interface of many cloud services can feel alien to IT departments used to dealing with people within supplier organizations. Procurement, legal or commercial teams can also find the pay-as-you-go contracting model of cloud services demanding. Work to help these teams understand the value of the cloud, or they may become strategic barriers.
6. Protect your data. Use strong authentication. Encrypt your data when stored and transmitted and keep access to your encryption keys within your organization. Make sure data no longer needed is permanently erased from computer memory and storage.
7. Prepare to prevent DDoS attacks. Attack via denial of access to legitimate users is relatively common. However, with the right planning, cloud systems are highly resilient against simple flood attacks and excel at ramping up more bandwidth and resources in the face of gigabytes of malicious traffic.
8. Review regularly. Seek independent audits of suppliers' offerings to ensure they are still the best-in-class and best fit for your needs. Test your systems and procedures, and remember to review the human elements, too.
Ultimately, the benefits of moving to cloud architecture are widely accepted and potentially huge: increased agility due to rapid provisioning and de-provisioning of resources, significantly reduced capital expenditure and fixed costs, easy availability of services to a mobile workforce, less time spent managing technology and software and more time spent managing information and data to drive business innovations. But the key, of course, is to strategically and effectively manage the inherent security challenges.
BT is one of the world's leading providers of communications services and solutions, serving customers in more than 170 countries. Its principal activities include the provision of networked IT services globally; local, national and international telecommunications services to its customers for use at home, at work and on the move; broadband and Internet products and services and converged fixed/mobile products and services.
Sign up for CIO Asia eNewsletters.