Definition of information/data governance:
Ensuring the use of data and information complies with organizational policies, standards and strategy including regulatory, contractual, and business objectives.
THE DATA SECURITY LIFECYCLE
https://www.securosis.com/blog/data-security-lifecycle-2.0
Due to all the potential regulatory, contractual, and other jurisdictional issues, it is extremely important to understand both the logical and physical locations of data.
RECOMMENDATIONS
- Determine your governance requirements for information before planning a transition to cloud. This includes legal and regulatory requirements, contractual obligations and other corporate policies. Your corporate policies and standards may need to be updated to allow a third party to handle data.
- Ensure information governance policies and practices extend to the cloud. This will be done through contractual and security controls.
- When needed, use the data security lifecycle to help model data handling and controls.
- Instead of lifting and shifting existing information architectures, take the opportunity of the migration to the cloud to re-think and re-structure what is often the fractured approach used in existing infrastructure. Don’t bring bad habits.