The Inner Circle

Expand all | Collapse all

Cloud Strategies

  • 1.  Cloud Strategies

    Posted 17 days ago
    Dear CSA Community Members,

    I hope all are doing well.

    I have recently joined and this is my first post.

    I'm looking to see if anyone has a list or document that has inputs to be considered or do's & don'ts for cloud strategy to be considered?

    For example, few considerations can be application risk ratings, data classifications, data localization.

    I appreciate your help.


    Best Regards,


    Lehigh Valley, PA

  • 2.  RE: Cloud Strategies

    Posted 14 days ago

    Gartner is usually my go to place... they do have free content but unfortunately their best is in the subscription service..

    Have a look at to get you going.   (also webinar in the post to watch)


    Kevin Stander

  • 3.  RE: Cloud Strategies

    Posted 14 days ago
    Asim (and others), the Cloud Working Group of the Object Management Group ( offers, under the tab "Published Deliverables," a collection of about 30 documents written and updated over the last 9 years that relate in some way or another to your question. Start with the "Practical Guide to Cloud Computing V3.0" and go from there.

    OMG and CSA have a liaison agreement, and we are committed to work together on current and future projects. While CSA's mission is of course focused on security, OMG's Cloud Working Group (founded in 2011 as the Cloud Standards Customer Council, or CSCC) addresses a broader spectrum of concerns, including the business case for cloud, the proper contents (and "gotchas") of cloud service agreements, privacy and residency issues (which are related to security but aren't exactly the same), the migration process, etc.

    All those documents can be freely downloaded from the website mentioned above.And if you have comments or questions, feel free to let me know, either here or at

    Since Kevin mentioned Gartner, I'll add that they're indeed expensive, and IMHO often give you fairly generic governance advice, using big words to make you think that everything they write is new and unique. Whenever a certain concept seems to lose traction (i.e., does not attract people to pay a lot of money to go to their conferences anymore), they just invent a new term, with the associated three-letter acronym, in order to make you come to another conference on the same warmed-up topic. I hope no one from Gartner read this paragraph, but I'm known for my candor :-). I was actually a good Gartner client for a number of years, mostly happy except when I received the invoices, and appreciated their information in my early years as IT Director (circa 1997). I had high esteem for several of their "research directors" (it seems every person at Gartner is a research director) who really knew their stuff, although I could embarrass some of them now by quoting back to them some forecasts they made that turned out to be completely wrong. Once I had learned a lot for several years, from them and others, the cost/benefit ratio became much less favorable.

    You'll get a lot for free from our documents (both CSA and OMG)... We also (OMG) have quarterly meetings (one is coming up on Sep. 16, I think it's from 10 am to 3 pm Eastern US time), which you are welcome to attend -- let me know at the same address and I can invite you by putting you on our mailing list. You can also go to --> Events --> Q3 meeting --> Agendas --> Cloud Working Group, but the details and the GoToMeeting links are not posted yet (they should be by tomorrow).

    Claude Baudoin
    Owner & Principal Consultant
    Cébé It & Knowledge Management

  • 4.  RE: Cloud Strategies

    Posted 12 days ago
    Hi Asim!
    If you haven't read it yet, a good doc to start with from CSA is the Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. It covers the best practices and recommendations from Cloud Security Alliance members, working groups, and the industry experts within our community.

    Key Takeaways it Covers:
    • Cloud Computing Concepts and Architectures
    • Governance and Enterprise Risk Management
    • Legal Issues, Contracts and Electronic Discovery
    • Compliance and Audit Management
    • Information Governance
    • Management Plane and Business Continuity
    • Infrastructure Security
    • Virtualization and Containers
    • Incident Response
    • Application Security
    • Data Security and Encryption
    • Identity, Entitlement and Access Management
    • Security as a Service
    • Related Cloud Technologies

    Elisa Morrison