Which Governance Framework Is Right For Cloud Computing?

Which Governance Framework Is Right For Cloud Computing?

The Threat

Cloud computing is revolutionizing how organizations use technology worldwide and for a good reason, it leverages on economies of scale more than any application of technology in recent history. And with the economic stability of the world swaying back and forth, organizations and businesses are forced to embrace that which makes them more stable and compete in a shaky market. Cloud computing allows them to do just that as it leverages their business processes with high returns and low costs. But the aggregation of data and information in a single virtual space has its own risks –it becomes a prime target for attackers and opportunists. This is more in line with the concept of data gravity. As data becomes more massive, the faster it attracts other services, application, customers, and yes even attackers. It also becomes harder to move which only assures attackers that the data they want is in the same place at any given time.

Cloud computing has received the brunt of most recent high-profile security attacks and data breaches, giving cloud computing a bad reputation of being unsecure, which now makes it a scapegoat for any failed security measure. But cloud computing can become very secure no matter the architecture or type used, but this would require a strong governance framework.

The Solution: Security Governance Framework

A governance framework is essential for any concept of technology to succeed. There are different types of governance frameworks for most concepts like how to run the organization itself, as well as the different departments in an organization, and of course a dedicated governance framework for IT. But for cloud computing, perhaps the most important governance framework would be that for security.

As with IT governance which stretches across all of its facets, from the people to the whole organization, the cloud computing security governance framework must do the same. The framework must allow the CSO and CIO to oversee and assess all risks and manage them accordingly, as well as the security and compliance of the organization’s cloud environment.

This governance framework must allow for security, compliance, and all of IT and the rest of the organization to be synergized to make the cloud secure. And therefore must do some of the following things.

1. Educate your workforce. Most security breaches and attacks stem from negligence or ignorance from the basic building block of the organization, the rank and file. Most breaches are a result of something that internal users have done or failed to do, and to prevent such things from happening again or at all, they must be made aware of the dangers of some actions and must be educated with security measures which they should always comply with.

2. Audit compliance. Use an audit tool which can view the organization’s vulnerabilities across the board. It is common for departments to be without contact with each other because they are not related whatsoever, and the solution to this is to create a framework for compliance across the organization which combines the different streams of information from different groups, giving security administrators a single overview.

3. Employ Identity and Access Management (IAM). This is one of the best ways to keep track of people who have access to sensitive data. This prevents or at least mitigates breaches and attacks from internal sources. Access management must be paired with a data logging solution which allows administrators to know who does what, when and where and that all changes are logged and audited properly.

4. Employ Security Information and Event Management (SIEM). The ideal cloud security solution should integrate the organization’s access management to secure a complete view of where the organization stands in terms of security. Security as a service is one solution that organizations may avail if they cannot provide their own.

5. Look for guidance but ensure your own security. Many organizations both government, academic, or private like the European Network and Information Security Agency (ENISA) and the Cloud Security Alliance (CSA) have published papers and guidance protocols for securing cloud environments. Organizations can consider them as guidance and must form their own way for securing their cloud based on the recommendations and incorporate their own twists into those depending on their needs.

Conclusion

A governance framework is essential for cloud computing but there shouldn’t be just one good way to do it. Since no two organizations are alike, it would make sense that no two frameworks are alike, but they would have a lot of similarities. But no matter the difference all organizations need a security governance framework for any cloud infrastructure that they may be using.

By Abdul Salam

About Abdul

Abdul is a senior consultant with Energy Services, and author of numerous blogs, books, white papers, and tutorials on cloud computing and accomplished technical writer with CloudTweaks. He earned his bachelor’s degree in Information Technology, followed by an MBA-IT degree and certifications by Cisco and Juniper Networks.

He has recently co-authored: Deploying and Managing a Cloud Infrastructure: Real-World Skills for the CompTIA Cloud+ Certification (Wiley).

View All Articles

Sorry, comments are closed for this post.

Dreaming of a Cloud Transition and Transformation Framework

Dreaming of a Cloud Transition and Transformation Framework

Cloud Transition and Transformation Framework Many years ago I was introduced to the concepts that comprise the visual architecture process. During the process of learning about the concepts and process of visual architecture, I adopted many of the concepts, ideas and tools to use in my own processes. In particular, there was a component that…

Encrypting Your Cloud Data For Extra Protection

Encrypting Your Cloud Data For Extra Protection

Encrypting Your Cloud Data Encrypting data is one of the best ways of protecting your data as it moves to the cloud. The only thing better than encrypting your data, is not storing your data at all. Let’s first look at the case of using file sharing applications such as Dropbox. If you are the…

The Rise of Fintech and the End of Traditional Banking

The Rise of Fintech and the End of Traditional Banking

The Rise of Fintech Developments in financial technology, or fintech, are changing the way we make payments, with new products gradually transforming how personal and commercial transactions are processed. The pace of these developments has opened up a whole range of opportunities for fintech start-ups and new players; but the arrival of cutting-edge technology has…

Basic Cloud Risk Assessment Tips

Basic Cloud Risk Assessment Tips

Basic Cloud Risk Assessment You should worry about the risks of cloud computing. But don’t get too scared. With a few simple steps you can easily get a basic understanding of your risks in the cloud and even have a good start in managing these risks. If you are a large corporation in a regulated…

Is Your Corporate Data Appearing On Personal Clouds?

Is Your Corporate Data Appearing On Personal Clouds?

Corporate Data Appearing On Personal Clouds Enterprise cloud adoption has led to cloud consumerization, but how safe is any personal cloud? Remember when you’d join a company and they’d issue a desktop computer and corporate-issued cell phone? And remember all the company’s data was stored in a server on-site at the company? It’s fair to…

How Successful Businesses Ensure Quality Team Communication

How Successful Businesses Ensure Quality Team Communication

Quality Team Communication  (Sponsored post courtesy of Hubgets) Successful team communication and collaboration are as vital to project and overall business success as the quality of products and services an organization develops. We rely on a host of business tools to ensure appropriate customer interactions, sound product manufacturing, and smooth back-end operations. However, the interpersonal relationships…

Featured Sponsored Articles
How To Develop A Business Continuity Plan Using Internet Performance Management

How To Develop A Business Continuity Plan Using Internet Performance Management

Internet Performance Management Planning CDN Performance Series Provided By Dyn In our previous post, we laid out the problems of business continuity and Internet Performance Management in today’s online environment.  In this article, we will take a look at some of the ways you can use traffic steering capabilities to execute business continuity planning and…

Featured Sponsored Articles
Optimizing Digital Marketing Through Accessibility & Aesthetics

Optimizing Digital Marketing Through Accessibility & Aesthetics

Optimizing Digital Marketing In The Cloud Marketers are constantly looking for better ways to tantalize and engage customers, and there’s no space more competitive than the digital universe. Deliberating over pleasing layouts, effective calls to action, site responsiveness, and much more, digital marketers have more than enough to keep themselves busy without understanding the intricacies…

Featured Sponsored Articles

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor