Five Tips for Cloud Security

Five Tips for Cloud Security

Cloud computing has created a new model that offers the possibility of elastic and flexible computing environments for software, infrastructure, and development platforms with reduced costs and quicker time to value than traditional in-house solutions. So with these benefits in mind, you might wonder why everyone isn’t riding the cloud wave. The main impediment to cloud growth continues to be that of security concerns covering a broad spectrum of issues, including:

  • risk and audit posture of the cloud provider;
  • proliferation of data within the cloud;
  • lack of control.

Perceived security challenges aside, it’s certainly possible to enjoy the benefits of cloud while actively managing the associated risks. To this end, we offer the following tips and advice to readers considering a cloud computing solution:

  • Think strategically: Not all workloads are created equal; careful consideration must be given to each workload before determining its appropriateness for movement into the cloud. Organizations must understand the governance and security requirements for each proposed workload and then validate whether or not they can be met within the cloud environment. It is only through this selective evaluation process that you can help avoid audit exposure and control the proliferation of data, which may be subject to a variety of differing controls and residency requirements.
  • Establish clearly defined roles and responsibilities: When adopting public and hybrid cloud solutions, the relationship between consumer and service provider most closely resemble that of a traditional IT outsourcing arrangement. As such, it is critical that each party has a clear understanding of their unique security obligations. For example, responsibility for securing software as a service offerings is largely the responsibility of the service provider because the solution is consumed as a packaged static application. On the other end of the spectrum is infrastructure as a service which exposes users to a greater responsibility for securing individual virtual machines.
  • Have a backup plan: Most public and private cloud solutions trade direct control for cost savings and efficiencies derived from the cloud’s economies of scale. Transferring control of specific IT functions to another party does not fully obviate responsibility for availability of key workloads. Organizations must consider the provider’s disaster recovery and restoration plans in the context of their specific needs, keeping in mind requirements for service availability, data backup, data residency, etc.
  • Establish metrics and test regularly: Reputable cloud providers should offer a variety of Service Level Agreements (SLAs) that might include metrics such as: availability, outage notification, service restoration, average time to resolve, notification of breaches, etc. Cloud providers should proactively report on SLA compliance and deliver agreed-upon remedies.

Organizations should also test the metrics and security protocols that the cloud provider has committed to deliver. This might include performing audits, assessments, and even penetration tests to ensure effectiveness. It’s critical to remember that maintaining a strong security posture is a continual process that doesn’t end at the borders of your network; it ends wherever your data resides.

  • Don’t forget the basics: All too often organizations spend time and money developing security strategies that employ the latest (and most expensive) technical controls while turning a blind eye towards the basics of risk assessment, policy development / enforcement, and continuous validation of established and required controls. A quick look at many of the security issues of 2011 reveal some consistent themes:

– breaches and outdated vulnerabilities go hand in hand;
– poor management and enforcement of policy contribute to making that possible;
– breaches are most damaging when organizations don’t understand their risk posture.

These security basics apply equally to cloud environments as they do to local and partner networks. It is the responsibility of your organization to ensure that security policies cover standards and controls for outsourced environments, and it must become common practice to follow-up with providers regularly to assess changes.

Organizations should not shy away from cloud computing because of security and compliance concerns. Instead, they should look at cloud as a strategic way to bring the benefits of new technology to bear, and take the time and effort necessary to do so in a controlled manner. With careful planning and appropriate due diligence, we believe that some purpose-built cloud environments can be more secure than their local, single tenant counterparts.

Contribution By Jason Hilling – Manager, Strategy and Enablement, IBM Security Services

Follow Us!


Established in 2009, is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

2 Responses to Five Tips for Cloud Security

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts Follow Us!CloudTweaksEstablished in 2009, is recognized…

Cloud Infographic – Interesting Big Data Facts

Cloud Infographic – Interesting Big Data Facts

Interesting Big Data Facts You Didn’t Know The term Big Data has been buzzing around tech circles for a few years now. So much, in fact, that you’re probably getting sick of hearing about it. Here are some interesting facts you might not know about big data via The Visual Capitalist: Big Data got its start in…

Big Data Analytics Adoption

Big Data Analytics Adoption

Big Data Analytics Adoption Big Data is an emerging phenomenon. Nowadays, many organizations have adopted information technology (IT) and information systems (IS) in business to handle huge amounts of data and gain better insights into their business. Many scholars believe that Business Intelligence (BI), solutions with Analytics capabilities, offer benefits to companies to achieve competitive…

Cloud Computing and Social Networks

Cloud Computing and Social Networks

Pushing Innovation With Social Networks There was a time when storage space was a precious commodity. A few videos and photographs and the system would be gasping for breath in old PCs’ limited storage space. 10 Years ago, today’s top social networking sites would have broken down under the burden of the heavily visual traffic…

PaaS And IaaS: Rising Champions Of Cloud Computing

PaaS And IaaS: Rising Champions Of Cloud Computing

PaaS and IaaS: Rising Champions of Cloud Computing In the cloud conversation, Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) appear much less than the famed Software as a Service (SaaS). This is not surprising when you consider that a world already populated with built platforms and infrastructure has but to operate…



Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7

Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.


CloudTweaks Media
Phone: 1 (212) 763-0021

Branded Content Programs