Security Considerations While Moving To The Cloud


It is always difficult to keep in-house IT operations at the cutting edge of efficiency. Whether it is a question of getting enough budget approved or keeping all stakeholders happy, life for technical managers is never easy.

Clouds, on the other hand, have certain inherent advantages. Big cost savings, convenience, scalability and the conversion of CAPEX to OPEX are some of the features that count in favor of cloud solutions. These can help an organization accomplish a lot in a short span of time. Cloud service providers also do a phenomenal job of convincing businesses to offload at least part of their IT burden.

Amid the attractive marketing pitches, some of the security risks are likely to go unnoticed. Ignoring those risks may prove costly for the business. It is fine to opt for cloud-based solutions, but certain precautions must be taken.

Here is a list of considerations that organizations should apply before jumping on the bandwagon.

Know your security objectives

Most in-house IT setups have evolved over a period of time, with security measures added incrementally. The collective effect of all those measures is taken for granted when planning any new in-house system. But none of those goodies will be available in the cloud setup unless you explicitly ask for them. Before opting for a cloud solution, it is highly recommended that you identify and document your security objectives. Never rely on an existing document that is several months old. It is always better to have an up-to-date document that captures your security objectives and strategy clearly and comprehensively.

What does a service provider offer

Many cloud service providers are silent or vague about the kind of security they offer. Do not rely on marketing brochures, which are generally meant to cater to a wide variety of customers. Explicitly ask your service provider for the security policy document, practice manual and disaster recovery options that apply specifically to your subscription. Also check which security certifications the service provider holds. Look for ISO 27001, SSAE 16, PCI DSS 2.0, HIPAA compliance and any other industry-specific certifications. A larger number of up-to-date certifications adds credibility to the provider.

Transition in phases

It is the old golden rule. Irrespective of the number of applications or the size of the databases or servers, it is always better to group them into logical phases and move them to the cloud in stages. This ensures that any surprises are discovered early in the cycle and risks are minimized.

Do a vulnerability assessment

Do not bank entirely on contract terms even after you have moved an application or domain to the cloud. Involve a third party to conduct a thorough vulnerability assessment before going live and identify any existing vulnerabilities. Fix those vulnerabilities and conduct another round of tests. Proceed with go-live only when the risk is within an acceptable range.

Maintain a parallel run

You must not wind up your existing in-house setup immediately after going live. It is the most reliable backup and recovery option you have. Depending on the size and criticality of the application, the in-house setup can co-exist with the cloud deployment for anywhere from a few weeks to a few months. Even after that, you can continue to use it as an in-house backup. Unlike a cloud backup, this backup would be under your direct custody.

Buy cyber security insurance

Even after taking all the precautions in the book, things can go wrong. Just one lapse is all hackers need to walk away with your sensitive data, carry out a DDoS attack or, worse, inflict downtime. Explore a suitable cyber security insurance option that can mitigate losses from a variety of cyber incidents, including data breaches, network damage and cyber extortion. This has to be over and above any safeguards built into the contract with the cloud service provider.

Remember that there are different types of cloud service providers: some are really good while others aren’t. Also, your organization’s needs are specific, and even today there is no one-size-fits-all solution. At the end of the day you are responsible for your data, and it’s better to be safe than sorry.

By Manoj Tiwari


One Response to Security Considerations While Moving To The Cloud

  1. Here’s another observation from Gartner, mentioned in a Rick Blaisdell http://bit.ly/1hq9ezW: “…organizations are more likely to have a policy against sharing sensitive data with their business partners than with their cloud provider.” –http://bit.ly/paul_calento
