Cloud communication between the provider, its customers, its vendors, and its suppliers is critical for any environment. When you add the cloud to the mix, communication becomes even more central as a success factor overall.
What is the Five Ws and One H method?
Identifying the five Ws and the one H of communication is important because it directly affects how successfully the cloud-based solution architecture can be aligned with the needs of the enterprise.
In addition, the ability to successfully drive and coordinate effective governance across the enterprise is influenced by the success or failure of these communication activities.
Here are the five Ws and the one H of communication:
- Who: Who is the target of the communication?
- What: What is the communication designed to achieve?
- When: When is the communication best delivered or most likely to reach its intended target?
- Where: Where is the communication pathway best managed?
- Why: Why is the communication being initiated in the first place?
- How: How is the communication being transmitted, and how is it being received?
The ability to ensure clear and concise communication, and, as a result, alignment and achievement of goals, relies on the ability to manage the five Ws and the one H of communication.
As a cloud security professional, you must drive communication in the enterprise and through the ecosystem that it supports to ensure that the long-term survivability of the enterprise architecture is constantly examined, discussed, and provided for.
How do cloud service providers communicate with vendors and partners?
Establish communication paths with all partners that will consume or support cloud services in the enterprise. Identify and document all partner organizations, ensuring that the relationships between the partner and the enterprise are clearly understood.
For example, if a partner is engaged through a federated relationship with the enterprise, they will have a different level of access to cloud services and systems than a non-federated partner.
Make sure that there is a clearly defined onboarding process for all partners, allowing the partner to be thoroughly vetted before granting access to any systems.
While the partnership is in force, make sure the partner is managed under the existing security infrastructure as much as possible to ensure that access by exception is avoided at all costs.
This ensures that the partner’s access and activities are managed and examined according to the existing policies and procedures already in place for the organization’s systems and infrastructure.
When the partnership is terminated, ensure that there is a documented, well-understood, and communicated off-boarding policy and procedure in place to effectively and efficiently terminate the partner’s access to all enterprise systems, cloud and non-cloud-based, that the partner had been granted access to.
It’s important to understand the capabilities and policies of your supporting vendors.
Establish and test emergency communication paths with all vendors.
Categorizing, or ranking, a vendor/supplier on some sort of scale is critical when appropriately managing the relationship with that vendor/supplier.
Strategic suppliers are deemed to be mission-critical and cannot be easily replaced if they become unavailable.
Although you will typically do business with very few of these types of partners, they are the most crucial to the success or failure of the enterprise cloud architecture.
Commodity suppliers, on the other hand, provide goods and services that can easily be replaced and sourced from a variety of suppliers if necessary.
How do cloud service providers communicate with customers?
Organizations have internal customers and external customers.
Both customer segments are important to the success of any cloud environment because both are typically involved in the consumption of cloud services in some way.
Having a good understanding of the customer audience being addressed by the cloud is important because different audiences consume differently, with different needs, goals, and issues that have to be documented, understood, managed, and tracked over the lifecycle of the cloud environment.
If individual responsibilities are not clearly stated, the customer may assume the provider has responsibility for a specific area, an assumption that may or may not be correct.
This can lead to confusion and present legal and liability issues for both the customer and the provider if not addressed clearly and concisely.
What are SLAs?
As we have mentioned in prior domains, SLAs are a form of communication that clarifies responsibilities.
Appropriate SLAs should be in place to manage all services being consumed by each customer segment.
These SLAs must define the service levels required by the customer as well as the customer’s specific metrics, which vary by customer type and need.
Some metrics that SLAs may specify include these:
- What percentage of the time services are available
- The number of users that can be served simultaneously
- Specific performance benchmarks to which actual performance is periodically compared
- The schedule for notification in advance of network changes that may affect users
- Help/service desk response time for various classes of problems
- Remote access availability
- Usage statistics that are provided
How do cloud service providers communicate with regulators?
Early communication is essential with regulators when developing a cloud environment.
As a cloud security professional, you are responsible for ensuring that all infrastructure is compliant with the regulatory requirements that may apply to the enterprise.
These requirements vary greatly based on several factors such as geography, business type, and services offered.
However, if regulatory standards or laws have to be implemented or adhered to, you need to understand all the requirements and expectations of compliance to ensure the enterprise can prove compliance when asked to do so.
How do cloud service providers communicate with other stakeholders?
During the communication process, additional parties may be identified for inclusion in regular or periodic communications.