Security requires design and planning. While building on the cloud or on-premises data centers, it is necessary to establish a security system and related control methods, establish supporting security management processes and mechanisms, and establish a security awareness management system. Technological control methods, management processes, and organizational culture should be integrated into the construction of cloud infrastructure, business development, application deployment, and daily operations. The overall recommendations are as follows:
Assess the current organizational strategic objectives and the consistency with cloud business.
Evaluate the types of risks, the likelihood of occurrence, and the impact in the current cloud computing environment through consulting and risk assessment tools.
Evaluate architectural risks, management risks, and compliance risks.
Refer to the methodology to build a security system, including reference frameworks, technological control methods, and operational mechanisms.
Establish a security operation system to continuously identify risks, update and iterate security frameworks, and optimize technological control methods.