Five Tips for Cloud Security

Five Tips for Cloud Security

Cloud computing has created a new model that offers the possibility of elastic and flexible computing environments for software, infrastructure, and development platforms with reduced costs and quicker time to value than traditional in-house solutions. So with these benefits in mind, you might wonder why everyone isn’t riding the cloud wave. The main impediment to cloud growth continues to be that of security concerns covering a broad spectrum of issues, including:

  • risk and audit posture of the cloud provider;
  • proliferation of data within the cloud;
  • lack of control.

Perceived security challenges aside, it’s certainly possible to enjoy the benefits of cloud while actively managing the associated risks. To this end, we offer the following tips and advice to readers considering a cloud computing solution:

  • Think strategically: Not all workloads are created equal; careful consideration must be given to each workload before determining its appropriateness for movement into the cloud. Organizations must understand the governance and security requirements for each proposed workload and then validate whether or not they can be met within the cloud environment. It is only through this selective evaluation process that you can help avoid audit exposure and control the proliferation of data, which may be subject to a variety of differing controls and residency requirements.
  • Establish clearly defined roles and responsibilities: When adopting public and hybrid cloud solutions, the relationship between consumer and service provider most closely resemble that of a traditional IT outsourcing arrangement. As such, it is critical that each party has a clear understanding of their unique security obligations. For example, responsibility for securing software as a service offerings is largely the responsibility of the service provider because the solution is consumed as a packaged static application. On the other end of the spectrum is infrastructure as a service which exposes users to a greater responsibility for securing individual virtual machines.
  • Have a backup plan: Most public and private cloud solutions trade direct control for cost savings and efficiencies derived from the cloud’s economies of scale. Transferring control of specific IT functions to another party does not fully obviate responsibility for availability of key workloads. Organizations must consider the provider’s disaster recovery and restoration plans in the context of their specific needs, keeping in mind requirements for service availability, data backup, data residency, etc.
  • Establish metrics and test regularly: Reputable cloud providers should offer a variety of Service Level Agreements (SLAs) that might include metrics such as: availability, outage notification, service restoration, average time to resolve, notification of breaches, etc. Cloud providers should proactively report on SLA compliance and deliver agreed-upon remedies.

Organizations should also test the metrics and security protocols that the cloud provider has committed to deliver. This might include performing audits, assessments, and even penetration tests to ensure effectiveness. It’s critical to remember that maintaining a strong security posture is a continual process that doesn’t end at the borders of your network; it ends wherever your data resides.

  • Don’t forget the basics: All too often organizations spend time and money developing security strategies that employ the latest (and most expensive) technical controls while turning a blind eye towards the basics of risk assessment, policy development / enforcement, and continuous validation of established and required controls. A quick look at many of the security issues of 2011 reveal some consistent themes:

– breaches and outdated vulnerabilities go hand in hand;
– poor management and enforcement of policy contribute to making that possible;
– breaches are most damaging when organizations don’t understand their risk posture.

These security basics apply equally to cloud environments as they do to local and partner networks. It is the responsibility of your organization to ensure that security policies cover standards and controls for outsourced environments, and it must become common practice to follow-up with providers regularly to assess changes.

Organizations should not shy away from cloud computing because of security and compliance concerns. Instead, they should look at cloud as a strategic way to bring the benefits of new technology to bear, and take the time and effort necessary to do so in a controlled manner. With careful planning and appropriate due diligence, we believe that some purpose-built cloud environments can be more secure than their local, single tenant counterparts.

Contribution By Jason Hilling – Manager, Strategy and Enablement, IBM Security Services

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

2 Responses to Five Tips for Cloud Security

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

What is the 12/12 Program?

This program is designed to better handle the thousands of requests we receive from people looking to submit articles. The 12/12 program is the commitment of 12 articles delivered over a 12-month period.  

Wait! What if I just want to submit one article?

Our popular pay as you go sponsorship program provides the flexibility to submit as you wish and is designed for all budgets.

Contributors

Ten Tips For Successful Business Intelligence Implementation

Ten Tips For Successful Business Intelligence Implementation

Ten Tips for Successful Business Intelligence Implementation The cost of Business Intelligence (BI) software goes far beyond the purchase price. Time spent researching, implementing, and maintaining your BI investment can snowball quickly and mistakes are often expensive. Your time is valuable – save it by learning from other businesses’ experiences. We’ve compiled the top ten

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into

What Ever Happened To Google Glass?

What Ever Happened To Google Glass?

What Ever Happened to Google Glass? It was supposed to be the next big thing in tech so where did it go? Last year you could not go anywhere without hearing about some insane new use for the product and now it seems to have vanished in a plume of smoke. A Lackluster Rollout Back

Posted on by

Big Data

To Have and Have Not: Big Data Initiatives In Developing Countries

To Have and Have Not: Big Data Initiatives In Developing Countries

Big Data Initiatives In Developing Countries The poor of the developing countries are becoming increasingly connected, to the point where they too are part of the Big Data revolution that’s happening across the globe. It didn’t come with laptops, though, as some supposed it would. Whereas it costs a fortune to connect broadband to a

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data In Your Garden: Initiatives For Better Understanding Nature

Big Data in Your Garden Big Data and IoT initiatives are springing up all across the globe, making cities, protesters–and just about everything else–smarter. However, thus far there’s been little attention paid to the interactions between these bizarre technologies and living things other than humans. Biology, that is, human biology is one field where Big

Who Holds the Key to the City: Big Data and City Management

Who Holds the Key to the City: Big Data and City Management

Big Data and City Management Cities like New York, Madrid, and especially Rio de Janeiro are augmented with Big Data-powered initiatives that range from combating crime with predictive analytics (New York & Madrid) to providing real-time data for improved management. Although Big Data is no panacea and is mainly used in conjunction with a greater

Internet of Things

Where’s the Capital of the Internet of Things?

Where’s the Capital of the Internet of Things?

Where’s the Capital? We all know the capitals of fashion are London, New York and Paris, while the capital of film is Hollywood (or Bollywood!) – but what’s the new capital of the internet? Specifically, the internet of things? The answer – according to new research by Ozy – might surprise you. It’s not Tokyo, Seoul,

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities – How Big Data Is Changing The Power Grid

Smart Cities And Big Data As Anthony Townsend argues in his SMART CITIES, even though the communications industry has changed beyond recognition since its inception, the way we consume power has remained stubbornly anachronistic. The rules of physics are, of course, partially to blame, for making grid networks harder to decentralize, as opposed to communication

Aggregated News

Popular News Sources

Why Microsoft CEO Satya Nadella Loves What Steve Ballmer Once Despised

Why Microsoft CEO Satya Nadella Loves What Steve Ballmer Once Despised

“I don’t want to fight old battles,” says Microsoft CEO Satya Nadella. “I want to fight new ones.” It’s Sunday evening, and Nadella is sitting in a glass-enclosed room at the back of a Japanese restaurant in San Francisco’s North Beach neighborhood, eating sushi with a few reporters. The post Why Microsoft CEO Satya Nadella Loves

Apple sales soar after record-breaking iPhone 6 and 6 Plus launch

Apple sales soar after record-breaking iPhone 6 and 6 Plus launch

The US tech giant reported a 16 per cent jump in iPhone sales between July and September, and the strongest growth in Mac computer shipments in years. Read the source article at dailymail.co.uk About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of

Q&A: Intel’s Take on Chinese Startups, Innovation

Q&A: Intel’s Take on Chinese Startups, Innovation

Intel’s venture-capital arm on Tuesday said it would be investing $28 million in five Chinese startups that work on new technologies ranging from wearable devices to iris detection. It is Intel Capital’s first infusion from a $100 million China fund launched in April … Read the source article at WSJ Blogs About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized