"Why going to the cloud means more work for security not less, shared responsibility is 100% your problem

- Am I going to treat this like a green field, or the next dumpster to throw the data, systems, and stuff we can’t deal with in real life?
- What are my expectations? (planning, timing, longevity, migration, business, etc.)
- Will we use it as an enclave to simply separate developers from anything else, or vice-versa, OR will we take a stance and work with ALL the teams to build it out successfully?
- DOES my cloud governance align with the rest of my business and technology policies and goals?
- AM I willing to implement the recommendations that most cloud providers offer TO make things safer and more secure?
- Can I manage the audit and compliance of a new world, and HOW will I integrate it?
- Speaking of integration, WILL my business and technology actually function IN/WITH the cloud?
- The cloud is MUCH more than someone else’s computers OR a spare data centre, but it still has to live somewhere, so WHERE does it live, and HOW do you get to it?
- Where’s YOUR staff, how do they talk with the cloud, what controls, management, etc.
- How much control will I have over my data in YOUR cloud?
- Who’s got access TO my little slice of the cloud, hardware, system, bare metal, data, etc.
- How do I (OR who’s going to) monitor YOUR cloud infrastructure, and MY systems for access, etc.
  - And if it’s on your side, do I get to see the logs
  - What are the charges FOR monitoring - SLAs etc?
- Who’s managing the encryption for my data, if it’s YOU then where are my keys, if it’s me what help etc.
- I don’t want to catch cooties from YOUR other clients, how do you maintain separation/segmentation?
- What options exist to backup my data, my configs, and what happens if YOUR systems go down?
- What areas of the technology, services, systems, and environments fall into shared responsibilities?
  - Who has to deal with what when it goes wrong
  - Who gets to point fingers, and who has to fix things (AND what timeframe, etc.)
- ALL my data belongs to YOU… what happens about uptime, distribution, redundancy, AND company stability.
  - Technology roadmap in here too
  - What dependencies, partnerships, and vendors do THEY rely upon?
- Let’s talk security, compliance, regulatory stance, etc. What do you have, AND how do you maintain it?
- When we fall OUT of love, what happens, how do I migrate, what options are out there (and costs, etc.)"

The podcast and the associated cover image on this page belong to The InfoSec Mission. The content of the podcast is created by The InfoSec Mission and not by, or together with, Poddtoppen.