Advisory Note: Secure your Cloud against Industrial Espionage - 70997

Securing your business against industrial espionage is about knowing your competitors and stopping your IP getting into their hands. In a Cloud environment you need to be considering all of the risks around Cloud provision, conflicts of interest, legal environments in remote locations, and of course having a third party processing and controlling your most sensitive information.

A vital consideration that needs to be made before committing to a Cloud solution is whether it needs to be done. Consider your requirements, do you need to take everything offsite, should you?

Use a recognised Risk Management methodology to define your assets and impact levels and threat actors. Treat the risks accordingly and apply Information Centric Security.

Your information is the most valuable asset your organisation has. Intellectual property in the hands of your competitors could signal the end of your business. Protect it at source and control for the entire information lifecycle from storage, transit and processing to destruction.

The most important means of applying preventative controls in a Cloud environment is encryption of sensitive information. This brings the added requirement of enterprise key management. Encryption and key management is a complex issue which needs proper planning and architectural consideration, but is vital for any project thinking of expansion into the Cloud...