Five Cloud Security Tips

Five Cloud Security Tips

Cloud Security Tips

Cloud computing has created a new model that offers the possibility of elastic and flexible computing environments for software, infrastructure, and development platforms with reduced costs and quicker time to value than traditional in-house solutions. So with these benefits in mind, you might wonder why everyone isn’t riding the cloud wave. The main impediment to cloud growth continues to be that of security concerns covering a broad spectrum of issues, including:

  • risk and audit posture of the cloud provider;
  • proliferation of data within the cloud;
  • lack of control.

Perceived security challenges aside, it’s certainly possible to enjoy the benefits of cloud while actively managing the associated risks. To this end, we offer the following tips and advice to readers considering a cloud computing solution:

  • Think strategically: Not all workloads are created equal; careful consideration must be given to each workload before determining its appropriateness for movement into the cloud. Organizations must understand the governance and security requirements for each proposed workload and then validate whether or not they can be met within the cloud environment. It is only through this selective evaluation process that you can help avoid audit exposure and control the proliferation of data, which may be subject to a variety of differing controls and residency requirements.
  • Establish clearly defined roles and responsibilities: When adopting public and hybrid cloud solutions, the relationship between consumer and service provider most closely resemble that of a traditional IT outsourcing arrangement. As such, it is critical that each party has a clear understanding of their unique security obligations. For example, responsibility for securing software as a service offerings is largely the responsibility of the service provider because the solution is consumed as a packaged static application. On the other end of the spectrum is infrastructure as a service which exposes users to a greater responsibility for securing individual virtual machines.
  • Have a backup plan: Most public and private cloud solutions trade direct control for cost savings and efficiencies derived from the cloud’s economies of scale. Transferring control of specific IT functions to another party does not fully obviate responsibility for availability of key workloads. Organizations must consider the provider’s disaster recovery and restoration plans in the context of their specific needs, keeping in mind requirements for service availability, data backup, data residency, etc.
  • Establish metrics and test regularly: Reputable cloud providers should offer a variety of Service Level Agreements (SLAs) that might include metrics such as: availability, outage notification, service restoration, average time to resolve, notification of breaches, etc. Cloud providers should proactively report on SLA compliance and deliver agreed-upon remedies.

Organizations should also test the metrics and security protocols that the cloud provider has committed to deliver. This might include performing audits, assessments, and even penetration tests to ensure effectiveness. It’s critical to remember that maintaining a strong security posture is a continual process that doesn’t end at the borders of your network; it ends wherever your data resides.

  • Don’t forget the basics: All too often organizations spend time and money developing security strategies that employ the latest (and most expensive) technical controls while turning a blind eye towards the basics of risk assessment, policy development / enforcement, and continuous validation of established and required controls. A quick look at many of the security issues of 2011 reveal some consistent themes:

– breaches and outdated vulnerabilities go hand in hand;
– poor management and enforcement of policy contribute to making that possible;
– breaches are most damaging when organizations don’t understand their risk posture.

These security basics apply equally to cloud environments as they do to local and partner networks. It is the responsibility of your organization to ensure that security policies cover standards and controls for outsourced environments, and it must become common practice to follow-up with providers regularly to assess changes.

Organizations should not shy away from cloud computing because of security and compliance concerns. Instead, they should look at cloud as a strategic way to bring the benefits of new technology to bear, and take the time and effort necessary to do so in a controlled manner. With careful planning and appropriate due diligence, we believe that some purpose-built cloud environments can be more secure than their local, single tenant counterparts.

By Jason Hilling – Manager, Strategy and Enablement, IBM Security Services

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
How Secure Is Your School Campus Network?

How Secure Is Your School Campus Network?

School Networks School related networks are one of the most attacked sectors today, coming in third worldwide to healthcare and retail. Because of the ever growing threat of cybercrime, IT professionals everywhere aren’t thinking in terms of “what if our network gets attacked?” Now, they think in terms of “when will our network be attacked?”…

IBM and VMware Expand Partnership to Enable Easy Hybrid Cloud Adoption

IBM and VMware Expand Partnership to Enable Easy Hybrid Cloud Adoption

IBM and VMware Expand Partnership More than 500 new clients, including Marriott International are now running VMware software on IBM Cloud since the strategic cloud partnership was announced;Introduction of VMware Cloud Foundation on IBM Cloud helps move existing apps to the cloud within hours; More than 4,000 IBM service professionals trained to help organizations extend…

Fully Autonomous Cars: How’s It REALLY Going To Work?

Fully Autonomous Cars: How’s It REALLY Going To Work?

Pros and Cons and What the Experts Think Science fiction meets reality, and modern civilization is excitedly looking forward to the ubiquity of self-driving cars. However, an omnipresence of fully autonomous cars won’t happen as quickly as even some hopeful experts anticipate. While the autonomous car pros versus the cons race (See infographic discovered via…

The Lighter Side Of The Cloud – Bottlenecking

The Lighter Side Of The Cloud – Bottlenecking

By David Fletcher Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.

Recent Articles - Posted by
Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

What You Need To Know About Choosing A Cloud Services Provider

What You Need To Know About Choosing A Cloud Services Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The cloud is capable of delivering many benefits, enabling greater collaboration, business agility, and speed to market. Cloud adoption in the enterprise has been growing fast. Worldwide spending on public cloud services will grow at a…

Get Ready For Virtual Reality and the Cloud

Get Ready For Virtual Reality and the Cloud

Virtual Reality Cloud We’re lucky to live in an era where virtual reality is no longer relegated to the confines of a sci-fi movie universe. Thanks to technology introduced by products like Oculus Rift, consumers now have access to virtual environments with fully immersive graphic capabilities. As a result, companies have only just begun to…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

The Age of Data: The Era of Homo Digitus

The Age of Data: The Era of Homo Digitus

The Age of Data In our digital era data deluge – soaring amounts of data, is an overriding feature. That’s why it’s fitting to focus on the concept of Homo Digitus, which I first learned about about in“The creative destruction of medicine: How the digital revolution will create better health care,” by Eric Topol, and…

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Driven by Cloud, Big Data and IoT

Digital Marketing Successful digital marketing campaigns are being driven largely by trending technologies, specifically the Internet of Things (IoT), Big Data, and The Cloud. These may be used for a huge number of marketing applications, from optimizing the performance of sports teams to improving science and research, even helping to aid law enforcement. Amazon Web…

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud With the results of Cisco Global Could Index: 2013-2018 and Hosting and Cloud Study 2014, predictions for the future of cloud computing are notable. Forbes reported that spending on infrastructure-related services has increased as public cloud computing uptake spreads, and reflected on Gartner’s Public Cloud Services Forecast. The public cloud service…

15 Cloud Data Performance Monitoring Companies

15 Cloud Data Performance Monitoring Companies

Cloud Data Performance Monitoring Companies (Updated: Originally Published Feb 9th, 2015) We have decided to put together a small list of some of our favorite cloud performance monitoring services. In this day and age it is extremely important to stay on top of critical issues as they arise. These services will accompany you in monitoring…

Cloud Infographic – What Is The Internet of Things?

Cloud Infographic – What Is The Internet of Things?

What Is The Internet of Things? “We’re still in the first minutes of the first day of the Internet revolution.”  – Scott Cook The Internet of Things (IOT) and Smart Systems are based on the notions of Sensors, Connectivity, People and Processes. We are creating a new world to view and measure anything around us through…

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud One of the least considered benefits of cloud computing in the average small or mid-sized business manager’s mind is the aspect of disaster recovery. Part of the reason for this is that so few small and mid-size businesses have ever contemplated the impact of a major disaster on their IT…