The Challenge

Cloud computing options are multiplying and adoption is increasing. As cloud transforms IT, organizations can reduce costs, gain agility and pursue new business strategies essential to their mission or competitiveness in the future. But security continues to be a concern. Some enterprises move with excessive risks, others hold back from clear and present opportunity. Many enterprises don’t yet have a mature security governance and architecture model for securing cloud environments. They have difficulty assessing the risk of cloud computing, or determining how to interface their internal security tools and processes with those of cloud service providers (CSPs). Some haven’t discovered the extent of cloud adoption by internal business units and receive negative findings from security audits. Organizations with any of the above cloud security issues must soon resolve them to move forward safely and successfully.

Consulting Capabilities

  • Understand a broad spectrum of peer enterprise customer issues in cloud security
  • Offer an objective, independent perspective for your organization
  • Educate or facilitate decisions by a cloud security team
  • Assess current state in cloud security and map out reasonable and prudent future states
  • Develop an effective architecture and roadmap for all cloud security program components 
  • Specify or evaluate strategies, designs, vendors and providers for secure public cloud, private cloud and hybrid cloud infrastructure, applications and services


  • Understand the cloud computing risks, and risk management approaches, as they pertain to the business
  • Coordinate cloud security strategy with IT and other enterprise stakeholders
  • Identify cloud use cases, architecture patterns, regulatory issues and internal/external dependencies
  • Develop cloud security architecture including enabling private or public infrastructure, policies and processes
  • Develop cloud service provider (CSP) partnering strategies and assessment criteria
  • Create a roadmap to protect existing dependencies on cloud, enable “low hanging fruit” opportunities, and move towards the target cloud security architecture
  • Prepare for internal or external audits and assessments of your ability to manage cloud security risks