When it comes to cloud computing, contract terminations can occur for a number of reasons. Due diligence requires companies to lay out an exit plan for what happens if a cloud provider does not work out as expected. When a cloud vendor relationship eventually ends — and they always do — the primary security-related focus for an exit plan is to protect your company data during the transition from the cloud environment.
What to Include in Your Cloud Provider Exit Plan
Termination and disposal are part of any contract closeout, which may include wiping or decommissioning IT assets. Particular emphasis should be placed on proper preservation of the data that is stored, transmitted or processed within the cloud so that the data is effectively migrated or archived in accordance with applicable records management policies and regulations.
An exit plan should determine the required actions for the disposal of your data, which includes:
Identifying how the removal of the cloud vendor service affects other IT assets and your company’s needs, such as customers and customer relationships, business support activities, and technical support teams;
Determining whether there are any security controls inherited from the IT assets being decommissioned and how or if these controls will continue to be supported;
Addressing the preservation and transfer of data, IT assets and intellectual property in accordance with your record retention policy and any other legal or compliance requirements;
Implementing all security controls that address IT asset termination and disposal to include media sanitization, configuration management and change control;
Identifying all locations where data is/was stored and taking appropriate sanitization steps; and
Updating IT ass ..
Support the originator by clicking the read the rest link below.
