The Lighter Side Of The Cloud – Application Forecaster
The Lighter Side Of The Cloud – Fear Of Heights
The Lighter Side Of The Cloud – Apple Pay
CIAA: What Should Matter Most For Cloud Security

CIAA: What Should Matter Most For Cloud Security

CIAA: What Should Matter Most For Cloud Security

Everyday there are more articles citing security as the top concern holding back public cloud adoption. While cloud means many things to different people, so does the term security. In discussions with business and industry experts, security concerns really boil down to the classic CIA—now CIAA—triad: confidentiality, integrity, availability and the more recently appended “audit”.

Public cloud security concerns seem to be more focused on Infrastructure as a Service (IaaS) for sensitive type workloads and on newer Software as a Service (SaaS) services. Even with the latest concerns around PRISM and the intercepting of data on cloud servers, the economic viability of cloud computing is too good to hold back. Gartner has predicted 17.7% CAGR in public cloud services usage through 2016.

Below is a break down of CIAA and how it can be adapted to cloud security needs today.

Confidentiality is about limiting access or placing restrictions on information, and in order to do that successfully, information needs to be categorized according to its sensitivity and business risk level. Once that assessment has been made, organizations can use workloads of a lower risk level as a starting point for getting comfortable with public cloud services. Not all public cloud providers are created equal and a growing number have well established data handling and security procedures. Some cloud providers have tailored their services to different verticals such as healthcare, government and retail mostly for compliance reasons, but many also cater to some of the more stringent needs around data protection.

However, both cloud providers and consumers would benefit from a model where cloud services could be universally classified according to different levels of trust.  The Open Data Center Alliance has promoted such a model in its Provider Assurance usage model with categories ranging from bronze for less sensitive data to platinum at the higher level.

Integrity is focused on maintaining and assuring the accuracy and consistency of data. To do that, standards have to be implemented to ensure that data cannot be tampered with, and is only accessed by those who have the correct permissions. In addition to the data classification measures in the previous paragraph, integrity can also be ensured by putting in place strict monitoring controls – think threat data analytics and SIEM, encryption, and tokenization. In a public cloud IaaS model the application of these controls will be split between the provider and the end user. Part of establishing appropriate controls and being able to attest and report against these will be derived from drawing up SLAs and reviewing controls over time to ensure that they meet your organization’s needs.

Availability is simply ensuring that data or a service is available when needed.  For the nature of today’s real-time transactions, even data or services with a lower risk level usually require high availability. Public cloud outages are often highly publicized, but the reality is that these are few and far between. Additionally, with the correct precautions, the impact of such outages can be lessened.

For organizations with limited IT staff, select a cloud provider that offers complete cloud redundancy. Onramps are often used to migrate data to the cloud, and a side benefit of that is that they can also provide cloud mirroring, which allows data to be written to two cloud providers at the same time. This is an ideal strategy as the chances of both providers having an outage at the exact same time would be extremely rare.

Audit refers to the examination and confirmation of controls around data and the IT infrastructure. This is perhaps the most complex aspect of the CIAA concept, as it can be difficult to navigate a maze of emerging regulatory standards—some of which have conflicting clauses. The good news is that the Cloud Security Standards Cloud Controls Matrix provides a cross walk of multiple standards and regulations broken down by cloud model. The benefit is a unified audit framework that organizations can use to audit once and report against multiple requirements simultaneously.

Remember that levels of confidentiality, integrity, availability and audit depend on the context—not just cloud context. Business, technical and human risk, governance and other regulatory standards will all condition how CIAA pertains to a particular cloud instance.

evelyn-de-souzaBy Evelyn de Souza,

Evelyn de Souza is a Senior Cloud and Data Center Security Strategist at Cisco, and Co-chair for the Cloud Security Alliance Cloud Controls Matrix. Follow her on Twitter at @e_desouza.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Recent

Beyond Gaming: Three Practical Applications For Oculus Rift

Beyond Gaming: Three Practical Applications For Oculus Rift

Three Practical Applications For Oculus Rift  Since the announcement of the Oculus Rift in 2012 gamers and game developers alike have been frenzied trying to both get their hands on the unit or build their own proprietary VR machine. The VR gold rush has since lead to the announcement of Project Morpheus from Sony and…

The Lighter Side Of The Cloud – Due Diligence

The Lighter Side Of The Cloud – Due Diligence

By David Fletcher Please support our comics by sharing, licensing or visiting our cloud sponsors (Below). Your support goes a long way in allowing us to continue to produce our lighthearted comics each week.   About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information.…

Popular

Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration – 10 ‘Do it Right’ Tips Businesses continue to adopt the cloud at break neck speed. Inherent benefits like lower operational costs, no infrastructure overheads, and quick access to better technology make cloud a very attractive proposition for businesses, especially start-ups and SMEs. However moving from legacy to the cloud environment has its…

PaaS vs Docker – why is it such a heated debate?

PaaS vs Docker – why is it such a heated debate?

PaaS vs Docker Docker started as just a software container on top of a Linux operating system which seemed like a simple optimization for a fat hypervisor. Its disruptive force however comes from the fact that it does force us to rethink many of the layers of the cloud stack. Starting from the way we…

Public vs. Private vs. Hybrid: Which Cloud Is Right for Your Business?

Public vs. Private vs. Hybrid: Which Cloud Is Right for Your Business?

Public vs. Private vs. Hybrid The debate surrounding the deliverability of cloud computing is coming to a close. Businesses have begun to rapidly adopt the use of cloud services, courtesy the ROI this disruptive technology brings to the table. They have finally realized they cannot afford to ignore the cloud. A Forrester study found that…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at least one cloud-based application.…

The History Of Back-Ups

The History Of Back-Ups

The History of Back-Ups There’s no doubt about it – we are spoilt. With external hard-drives, CDs, USB memory sticks, SD cards, online storage and multiple devices with vast memories we can save, access and back up our data more easily and more efficiently than ever before. (Image Source: Maxim Yurin, SoftLogica)  It’s not always been…

Sponsored Posts

Selling Your Business To Your Employees

Selling Your Business To Your Employees

Mobility For Your Employees It may seem a radical notion, the idea of selling your business to the people who work for you, but this is the era in which we now work. Employees of all levels are all incredibly aware of their options when it comes to mobility and employability. This doesn’t mean that…

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising