Asim (and others), the Cloud Working Group of the Object Management Group (https://www.omg.org/cloud) offers, under the tab "Published Deliverables," a collection of about 30 documents written and updated over the last 9 years that relate in some way or another to your question. Start with the "Practical Guide to Cloud Computing V3.0" and go from there.
OMG and CSA have a liaison agreement, and we are committed to work together on current and future projects. While CSA's mission is of course focused on security, OMG's Cloud Working Group (founded in 2011 as the Cloud Standards Customer Council, or CSCC) addresses a broader spectrum of concerns, including the business case for cloud, the proper contents (and "gotchas") of cloud service agreements, privacy and residency issues (which are related to security but aren't exactly the same), the migration process, etc.
All those documents can be freely downloaded from the website mentioned above.And if you have comments or questions, feel free to let me know, either here or at
[email protected].
Since Kevin mentioned Gartner, I'll add that they're indeed expensive, and IMHO often give you fairly generic governance advice, using big words to make you think that everything they write is new and unique. Whenever a certain concept seems to lose traction (i.e., does not attract people to pay a lot of money to go to their conferences anymore), they just invent a new term, with the associated three-letter acronym, in order to make you come to another conference on the same warmed-up topic. I hope no one from Gartner read this paragraph, but I'm known for my candor :-). I was actually a good Gartner client for a number of years, mostly happy except when I received the invoices, and appreciated their information in my early years as IT Director (circa 1997). I had high esteem for several of their "research directors" (it seems every person at Gartner is a research director) who really knew their stuff, although I could embarrass some of them now by quoting back to them some forecasts they made that turned out to be completely wrong. Once I had learned a lot for several years, from them and others, the cost/benefit ratio became much less favorable.
You'll get a lot for free from our documents (both CSA and OMG)... We also (OMG) have quarterly meetings (one is coming up on Sep. 16, I think it's from 10 am to 3 pm Eastern US time), which you are welcome to attend -- let me know at the same address and I can invite you by putting you on our mailing list. You can also go to omg.org --> Events --> Q3 meeting --> Agendas --> Cloud Working Group, but the details and the GoToMeeting links are not posted yet (they should be by tomorrow).
------------------------------
Claude Baudoin
Owner & Principal Consultant
Cébé It & Knowledge Management
------------------------------
Original Message:
Sent: Sep 04, 2020 12:38:20 PM
From: Asim Masood
Subject: Cloud Strategies
Dear CSA Community Members,
I hope all are doing well.
I have recently joined and this is my first post.
I'm looking to see if anyone has a list or document that has inputs to be considered or do's & don'ts for cloud strategy to be considered?
For example, few considerations can be application risk ratings, data classifications, data localization.
I appreciate your help.
Thanks,
Best Regards,
Asim
------------------------------
Asim Masood CISA, CISSP, CRISC, CCSK, CDPSE
Lehigh Valley, PA
------------------------------