Fit approved services with your other technology
It might make sense to integrate public cloud services with your other information and communications technology (ICT). Or, it might not. Find out what to do in both cases.
Integrate when it makes sense
Some public cloud services will need to be fitted with your organisation’s ICT.
This might involve:
- directory federation
- configuring the network and firewall
- automating data transfers.
Exceptions to integration
It might not make sense to fit some approved services to your other technology. It depends on:
- the resources available
- if there are a low number of users
- whether it’s low-risk information.
What to do when you do not integrate
When you do not fit public cloud services with your other technology, you need to have a plan for:
- access to the system when users arrive in and leave the organisation
- maintaining a copy of the information that lives in the services — if the information is considered a public record or otherwise needed by your organisation.
How to integrate the approved services
You need to go through your organisation’s change management processes.
You might also need to:
- review that part of your enterprise architecture
- get approval from your ICT team — following their risk management.
Match your effort to the risk level
Much like risk assessments, focus your resources on services that have either high-risk information, many users, or both.
Tips for right-sizing your risk assessment
Set up security controls and APIs
For newly approved public cloud services, put in place your organisation’s:
- security controls, where appropriate
- application programming interfaces (APIs).
How to keep up network integration
When appropriate, add approved public cloud services to your organisation’s:
- application life cycle management
- software development life cycle
- security management tools
- any other processes that apply to your organisation’s context.
Utility links and page information
Last updated