So how do you have a conversation around the cloud when there are trust issues among your staff and even senior leaders? Create a cloud security checklist For Schliep, he uses cloud services, but only if the vendor can answer his questions and he’s convinced they’re more secure than his agency. “It all comes down to data,” and having policies and practices in place to protect it, he said.
Amos advises agencies to start early
Involve the right people in cloud conversations when considering cloud options for HR and finance. Do your market research before engaging in a formal purchasing process, she said, and don’t be afraid to ask vendors to show you what they can do. People tend to think that if I put all my solutions in a local data center, it has to be more secure than if the data is in the cloud,” Amos said. But that’s not always the case. One of the biggest challenges agencies face is that legacy systems can’t be retrofitted with modern security measures.
At Workday for example the company
undergoes independent audits and makes those audit results available to customers under nondisclosure agreements. Workday also ig database complies with government and international security standards. “Security is the lifeblood of our business,” Amos said. “The cloud is in everything we do.” She advises agencies to look for a company that will be a good partner.
When it comes to solutions, choose those
that can be configured to meet your unique business processes. For WorkdaySchliep offers planning, recruiting, payroll and other solutions, all of which are wasting time in a positive way available through cloud-native, rather than on-premises, clouds. That means custom code isn’t an option, as is often the case with on-premises solutions. For agencies considering the cloud, Schliep shared a checklist he reviews with potential vendors.
The checklist covers every aspect before
during and after using cloud services. Key questions include: How often do you conduct audits? Do you notify the agency when you find an issue? Do you have physical security measures in place? Are there controls in place to ensure other tenants can’t access age rich data ncy data? Is there an incident response plan? Schliep said agencies should always ask vendors how easy it is to get data out of the cloud, and then they should test it to verify the vendor’s claims.