Security Considerations While Moving To The Cloud

Security Considerations While Moving To The Cloud

Security Considerations While Moving To The Cloud

It is always difficult to maintain in-house IT operations at the cutting edge of efficiency. Whether it is a question of getting enough budgets approved or keeping all stakeholders happy, life for technical managers is never easy.

On the other hand, clouds have certain inherent advantages. Big cost savings, convenience, scalability, conversion of CAPEX to OPEX are some of the features that go in favor of cloud solutions. These can help an organization accomplish a lot in a short span of time. Not to forget that cloud service providers do a phenomenal job in convincing businesses to offload at least part of their IT burden.

Amidst attractive marketing pitch it is likely that some of the security risks go un-noticed. Ignoring those risks may prove costly for business. While it is fine to go for cloud based solutions certain precautions must be taken.

Here is the list of considerations that organizations should apply before jumping on the bandwagon.

Know your security objectives

Most of the in-house IT setups have evolved over a period of time. Various security measures got added to the lists in an incremental fashion. Collective effect of all security measures is taken for granted when planning any new in-house system. But all those goodies will not be available in the cloud setup unless you explicitly ask for them. It is highly recommended that before opting for cloud solution, have your security objectives identified and documented. Never rely on an existing document that is several months old. It is always better to have an up-to-date document that captures security objectives and strategy clearly and comprehensively.

What does a service provider offer

Many cloud service providers are silent or vague about the kind of security they offer. Do not rely on marketing brochures which are generally meant to cater to a wide variety of customers. Explicitly ask your service provider about security policy document, practice manual, disaster recovery options applicable specifically to your subscription. Also check the security certifications the service provider has. Look for ISO 27001, SSAE 16, PCI DSS 2.0, HIPAA compliance and any other industry specific certifications. More number of updated certifications adds credibility to the provider.

Transition in phases

It is the old golden rule. Irrespective of the number of applications, size of databases or servers it is always better to structure them in logical phases and move them to cloud in stages. This will ensure that any surprises are discovered early in the cycle and risks are minimized.

Do a vulnerability assessment

Do not bank entirely on contract terms even after you have moved an application or domain to the cloud. Involve a third party to conduct a thorough vulnerability assessment before going live and find out any existing vulnerabilities. Fix those vulnerabilities and conduct another round of tests. Proceed with go-live only when the risk is within an acceptable range.

Maintain a parallel run

You must not wind up your existing in-house setup immediately after going live. It is the most reliable backup and recovery option you have got. Depending on the size of application and criticality the in-house setup can co-exist anywhere from few weeks to few months. Even after that you can continue to use that as an in-house backup. Unlike cloud backup, this backup would be available under your direct custody.

Buy Cyber security Insurance

Even after taking all the precautions in the book things can go wrong. Just one lapse is what hackers require before they can walk away with your sensitive data or carry out a DDOS attack or worse inflict downtime. Explore a suitable cyber security insurance option which can mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. This has to be over and above any safeguards in-built into the contract with cloud service provider.

Remember there are different types of cloud service providers – some are really good while others aren’t. Also, your organizations’ need are specific and even to date there is no one-size-fits-all solution. At the end of the day you are responsible for your data and it’s better to be safe than sorry.

By Manoj Tiwari

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

One Response to Security Considerations While Moving To The Cloud

  1. Here’s another observation from Gartner, mentioned in a Rick Blaisdell http://bit.ly/1hq9ezW: “…organizations are more likely to have a policy
    against sharing sensitive data with their business partners than with
    their cloud provider.”–http://bit.ly/paul_calento

Comic
Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

Embracing The Cloud We love the stories of big complacent industry leaders having their positions sledge hammered by nimble cloud-based competitors. Saleforce.com chews up Oracle’s CRM business. Airbnb has a bigger market cap than Marriott. Amazon crushes Walmart (and pretty much every other retailer). We say: “How could they have not seen this coming?” But, more…

What Futuristic Tech Will You See In Your Lifetime?

What Futuristic Tech Will You See In Your Lifetime?

Futuristic Tech The world and what people can do is increasingly being driven by technology. It has already shaped the world we live in, but over the next few decades it is set to shape the world in ways that we can barely imagine. There have already been some great leaps in IoT technology recently,…

The Lighter Side Of The Cloud – Hiding Spots

The Lighter Side Of The Cloud – Hiding Spots

By David Fletcher Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via@cloudtweaks) to our original comic sources is greatly appreciated.

Recent Articles - Posted by
Fintech Exploiting AI and Blockchain Technology

Fintech Exploiting AI and Blockchain Technology

AI and Blockchain Technology The field of artificial intelligence (AI) had progressed rapidly in the last ten years, though first recognized in the 1950s. From autonomous motor vehicles to digital personal assistants, the technology is making its way into a variety of industries, enabling better task automation, language processing, and data analytics. But more recently,…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Speed, flexibility, and innovation require multiple cloud services As businesses seek new paths to innovation, racing to market with new features and products, cloud services continue to grow in popularity. According to Gartner, 88% of total compute will be cloud-based by 2020, leaving just 12% on premise. Flexibility remains a key consideration, and…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole. In 1983, the first commercially handheld mobile phone debuted and provided workers with an unprecedented amount of availability, leading to more productivity and profits. More recently, the Cloud has taken…

Utilizing Digital Marketing Techniques Via The Cloud

Utilizing Digital Marketing Techniques Via The Cloud

Digital Marketing Trends In the past, trends in the exceptionally fast-paced digital marketing arena have been quickly adopted or abandoned, keeping marketers and consumers on their toes. 2016 promises a similarly expeditious temperament, with a few new digital marketing offerings taking center stage. According to Gartner’s recent research into Digital Marketing Hubs, brands plan to…

Cloud Infographic – Cloud Public, Private & Hybrid Differences

Cloud Infographic – Cloud Public, Private & Hybrid Differences

Cloud Public, Private & Hybrid Differences Many people have heard of cloud computing. There is however a tremendous number of people who still cannot differentiate between Public, Private & Hybrid cloud offerings.  Here is an excellent infographic provided by the group at iWeb which goes into greater detail on this subject. Infographic source: iWeb

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps Whether it be enterprise apps or any other, if there is any heavy data that is going to be transacted in and through an app, then affiliating it with the Cloud becomes a must. And then an important question arises: How do you decide when to integrate your enterprise app with…

Cloud Computing Price War Rages On

Cloud Computing Price War Rages On

Cloud Computing Price War There’s little question that the business world is a competitive place, but probably no area in business truly defines cutthroat quite like cloud computing. At the moment, we are witnessing a heated price war pitting some of the top cloud providers against each other, all in a big way to attract…

The Future Of Cybersecurity

The Future Of Cybersecurity

The Future of Cybersecurity In 2013, President Obama issued an Executive Order to protect critical infrastructure by establishing baseline security standards. One year later, the government announced the cybersecurity framework, a voluntary how-to guide to strengthen cybersecurity and meanwhile, the Senate Intelligence Committee voted to approve the Cybersecurity Information Sharing Act (CISA), moving it one…