Securing Cloud and Mobility by Ian Lim, E. Coleen Coolidge, Paul Hourani

As noted earlier, if your company is embarking on a major public cloud initiative (such as migration of your production infrastructure to the cloud or leveraging a software as a service (SaaS) for a business core function), conducting the cursory review is insufficient. The depth of the review process has to correspond with the significance of the public cloud use initiative. Per the cloud approval workflow, you should establish a set of defined criteria for when to conduct an in-depth assessment versus a cursory review.

The objective of the in-depth cloud assessment is to provide a thorough and grounded security evaluation of the incumbent cloud service provider (CSP) so that your decision makers ...