Five Cloud Security Tips

Five Cloud Security Tips

Cloud Security Tips

Cloud computing has created a new model that offers the possibility of elastic and flexible computing environments for software, infrastructure, and development platforms with reduced costs and quicker time to value than traditional in-house solutions. So with these benefits in mind, you might wonder why everyone isn’t riding the cloud wave. The main impediment to cloud growth continues to be that of security concerns covering a broad spectrum of issues, including:

  • risk and audit posture of the cloud provider;
  • proliferation of data within the cloud;
  • lack of control.

Perceived security challenges aside, it’s certainly possible to enjoy the benefits of cloud while actively managing the associated risks. To this end, we offer the following tips and advice to readers considering a cloud computing solution:

  • Think strategically: Not all workloads are created equal; careful consideration must be given to each workload before determining its appropriateness for movement into the cloud. Organizations must understand the governance and security requirements for each proposed workload and then validate whether or not they can be met within the cloud environment. It is only through this selective evaluation process that you can help avoid audit exposure and control the proliferation of data, which may be subject to a variety of differing controls and residency requirements.
  • Establish clearly defined roles and responsibilities: When adopting public and hybrid cloud solutions, the relationship between consumer and service provider most closely resemble that of a traditional IT outsourcing arrangement. As such, it is critical that each party has a clear understanding of their unique security obligations. For example, responsibility for securing software as a service offerings is largely the responsibility of the service provider because the solution is consumed as a packaged static application. On the other end of the spectrum is infrastructure as a service which exposes users to a greater responsibility for securing individual virtual machines.
  • Have a backup plan: Most public and private cloud solutions trade direct control for cost savings and efficiencies derived from the cloud’s economies of scale. Transferring control of specific IT functions to another party does not fully obviate responsibility for availability of key workloads. Organizations must consider the provider’s disaster recovery and restoration plans in the context of their specific needs, keeping in mind requirements for service availability, data backup, data residency, etc.
  • Establish metrics and test regularly: Reputable cloud providers should offer a variety of Service Level Agreements (SLAs) that might include metrics such as: availability, outage notification, service restoration, average time to resolve, notification of breaches, etc. Cloud providers should proactively report on SLA compliance and deliver agreed-upon remedies.

Organizations should also test the metrics and security protocols that the cloud provider has committed to deliver. This might include performing audits, assessments, and even penetration tests to ensure effectiveness. It’s critical to remember that maintaining a strong security posture is a continual process that doesn’t end at the borders of your network; it ends wherever your data resides.

  • Don’t forget the basics: All too often organizations spend time and money developing security strategies that employ the latest (and most expensive) technical controls while turning a blind eye towards the basics of risk assessment, policy development / enforcement, and continuous validation of established and required controls. A quick look at many of the security issues of 2011 reveal some consistent themes:

– breaches and outdated vulnerabilities go hand in hand;
– poor management and enforcement of policy contribute to making that possible;
– breaches are most damaging when organizations don’t understand their risk posture.

These security basics apply equally to cloud environments as they do to local and partner networks. It is the responsibility of your organization to ensure that security policies cover standards and controls for outsourced environments, and it must become common practice to follow-up with providers regularly to assess changes.

Organizations should not shy away from cloud computing because of security and compliance concerns. Instead, they should look at cloud as a strategic way to bring the benefits of new technology to bear, and take the time and effort necessary to do so in a controlled manner. With careful planning and appropriate due diligence, we believe that some purpose-built cloud environments can be more secure than their local, single tenant counterparts.

By Jason Hilling – Manager, Strategy and Enablement, IBM Security Services

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Cloud as Our Children’s Playground

Cloud as Our Children’s Playground

Cloud as Our Children’s Playground We read everyday about the fast pace of business adoption of the cloud.  But children are adopting the cloud at just as an aggressive pace.  The Cloud is changing our children’s lives – the way they play, learn, and interact with others and the world around them.  I see children…

Are You Sure You Are Ready For The Cloud: Security

Are You Sure You Are Ready For The Cloud: Security

Cloud Security For the last several months, we have been discussing ways to make sure you are ready for the next step in your IT evolution: Cloud. When review the different steps of making sure you are ready, one that I have intentionally avoided was Security. I spoke to you about “Security of Business”, but…

Digital Transformation: Miracle and Wonder

Digital Transformation: Miracle and Wonder

Digital Transformation These are the days of miracle and wonder. I’ve been leading a small, global research team at the Tau Institute for the past few years to examine the dynamics of IT adoption in more than 100 countries throughout the world. We’ve developed several indices that show how well these nations are doing on a relative basis. We ranked the nations…

AWS re:Invent: Billions & Billions of Dollars

AWS re:Invent: Billions & Billions of Dollars

AWS re:Invent The massive AWS re:Invent show this week in Las Vegas is a celebration of cloud computing. What was formerly debatable is now inevitable: the world is moving to cloud. Amazon’s annual cloud revenues of about $7 billion, combined with an estimated $5 billion annual run rate by competitor Microsoft Azure, and the odd…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…

Where Is The Tipping Point For The Flying Drone Market?

Where Is The Tipping Point For The Flying Drone Market?

The Flying Drone Market In the past year I have written a number of articles here on CloudTweaks about Drones. I enjoy flying drones. One thing I’ve used my drone for is proving I didn’t need to do the worst fall maintenance job ever. Cleaning the gutters of the house by flying the drone around…

It Takes a Village to Raise a Cloud

It Takes a Village to Raise a Cloud

The Community Cloud “We are special. We have unique needs. Our demands for compliance and security go way above your average organization. There is no way we are going to put our precious data in a public cloud. It is just a non-starter.” Sound familiar? This kind of reasoning is often the driver behind either…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor