ABSTRACT
Last week you received a meeting invitation from a manager in one of your organization’s most critical and sensitive areas. e meeting seems to be related to a routine software vendor visit, and the manager is looking for someone to represent the information security team. You think to yourself, “No problem, I have done this a hundred times over the years.” Ten minutes into the meeting, you realize the vendor only offers their application as a cloud service, and the organizational area is extremely excited by the cloud provider’s claims of speed of delivery, ease of implementation, customer control, and minimal internal information systems requirements. e application will contain some of the organization’s most sensitive data. e vendor finishes their presentation and opens the discussion for questions. Everyone looks pleased, and then the focus turns to you and there is an awkward silence. Perhaps you should have done your homework on cloud architecture, service models, deployment models, and security implications.
