Short Term

1. Develop Cloud Security overlay for cloud foundry
2. Perform holistic Cloud Security assessment (current state, gaps, future state)
3. Develop strategies / roadmap / plans for each domain within Cloud Security
4. Research Cloud and Cloud Security Solutions

Medium Term

1. Develop governance structure (sponsorship, stakeholders, funding)
2. Establish program to manage roadmap, initiatives and strategy changes
3. Establish Cloud Security Services Catalog
4. Establish Support Structure

Long Term

1. Secure transition to Hybrid Cloud

Actions

1. First action requires a review and approval of this strategy by IT management
2. Next develop an action plan for short term activities
3. Other actions articulated through this document:

• • Develop a Cloud Security Governance strategy
  • Start a Cloud Security Program
  • Continue to build and develop the Cloud Security IT Team
  • Mature Cloud Security Process Model
  • Provide recommendations for policy change
  • Provide guiding principles
  • Provide recommendations for dealing with corporate technology complexity and footprint
  • Provide recommendations to improve private Cloud Security by domain
  • Work with technology partners to influence the selection of platforms (hardware / software) that align with the IT Strategy.
  • Perform Holistic Cloud Security Assessment
    • Inventory current controls applicable to securing Private Cloud
      • Identify methods capabilities that align with the strategy
      • Identify methods / capabilities that align with the strategy
      • Identify the assurance levels achievable by the method
    • Use information to establish the inception of the Cloud Security Services catalog Identify gaps for meeting the strategy
    • Identify solutions to address gaps
  • Further develop strategy, roadmap and target state for Internal, on premise, private Cloud Security