A Crash Course in Cloud Security [Webinar Recap]

"The cloud" is a trendy buzzword that too often is thrown around without any truly helpful information. Such as, what is the cloud exactly? How do you effectively vet options when the old criteria just isn't relevant? What's the real risk of using a SaaS (Software as Service) platform? What level of security do you really need? 

We often don't know what we don't know when it comes to technology innovations, we're not sure which pieces of the puzzle we might be missing; making it difficult to determine what kind of questions we should ask potential providers.

Which is why we decided to team up with our friends at Lockton Benefit Group, including Ron Conine Manager of HR Technology and Outsourcing, and Brad Mandacina Director of HR Technology & Outsourcing. As seasoned technology and consulting experts, they fully grasp the importance of weighing all the critical factors and choosing solutions that are secure, flexible, and easy to implement. 

Together, we created a free, one hour webinarDefining Due Diligence: How to Move to the Cloud Safely covering the basics of cloud security, a "crash course" if you will. 

Learn how to move to 'The Cloud' safely

We covered: 

  • The fundamentals of cloud/SaaS security
  • Common misconceptions about the cloud
  • Expert advice on the top things to consider when shopping for solutions
  • Recommended security questions to include in your questionnaire/RFP
  • How to leverage technology to find your next cloud provider, faster 

See some of the pull quotes and presentation highlights from the webinar below. 


Step 1: identify what you need

There's a lot of misconceptions about SaaS and the "cloud" because storage systems have fundamentally, and radically changed over the last 50 years. 
*Image credit: Lockton Companies
The goal is to be neither close-minded about new technology, nor naive. Because there is such a low barrier to entry, and anyone can create a software product, we have to be really diligent about vetting our vendors. 
"Don't be afraid of the cloud, but do understand the critical factors involved."
- Dave Hulsen
Cloud security - know what you need.jpg
We also need to make sure we've conferred with all our stakeholders and clearly identified our unique needs. Writing a formal Request for Proposal is a great way to make sure you've methodically tackled your objectives.

Cloud security.jpg

Step 2: service vs. responsibility

The key difference between on-premise and off-premise, aka "the cloud" is the amount of control (configurability vs. customization) and the amount of responsibility. 
Our own Dave Hulsen co-presented the webcast, and he likened the difference between on-prem and off-prem to renting vs. owning a home. While you have more control over a home you own, conversely you're responsible for absolutely everything

Service_or_Responsbility.png*Image credit: Lockton Companies
Conine used a similar analogy, comparing on-prem to making a meal from scratch vs. having one made for you (off-prem).

Lockton illustrated this point with a great chart spelling out exactly who does what on each type of platform. 
 On_Prem_vs._Off_prem_responsibilitiesjpg*Image credit: Lockton Companies

Step 3: move to the cloud safely

Essentially, it all boils down to clearly identifying your needs, knowing which factors are most critical, and asking the right type of questions to make sure your data will be secure. 
Download the webinar below for a more in depth look at on-prem vs. off-prem, as well as recommended questions to include in your questionnaires and RFPs.
Move to the cloud safely.png
Learn how to move to 'The Cloud' safely
Lockton also did a brilliant job answering the questions that were sent in from the audience during the webinar. See them here
They gave great tactical advice for the practical questions we all have about moving to the cloud like: 
  • What’s the most common mistake you see as people vet cloud-based providers? 
  • How do you help stakeholders get over the fear of off-premise solutions? 
  • When is off-premise simply not a viable option? 
  • What groups within my organization do I need to on-board? (Who needs to be involved in making these decisions?)