Security Considerations While Moving To The Cloud

Security Considerations While Moving To The Cloud

Security Considerations While Moving To The Cloud

It is always difficult to maintain in-house IT operations at the cutting edge of efficiency. Whether it is a question of getting enough budgets approved or keeping all stakeholders happy, life for technical managers is never easy.

On the other hand, clouds have certain inherent advantages. Big cost savings, convenience, scalability, conversion of CAPEX to OPEX are some of the features that go in favor of cloud solutions. These can help an organization accomplish a lot in a short span of time. Not to forget that cloud service providers do a phenomenal job in convincing businesses to offload at least part of their IT burden.

Amidst attractive marketing pitch it is likely that some of the security risks go un-noticed. Ignoring those risks may prove costly for business. While it is fine to go for cloud based solutions certain precautions must be taken.

Here is the list of considerations that organizations should apply before jumping on the bandwagon.

Know your security objectives

Most of the in-house IT setups have evolved over a period of time. Various security measures got added to the lists in an incremental fashion. Collective effect of all security measures is taken for granted when planning any new in-house system. But all those goodies will not be available in the cloud setup unless you explicitly ask for them. It is highly recommended that before opting for cloud solution, have your security objectives identified and documented. Never rely on an existing document that is several months old. It is always better to have an up-to-date document that captures security objectives and strategy clearly and comprehensively.

What does a service provider offer

Many cloud service providers are silent or vague about the kind of security they offer. Do not rely on marketing brochures which are generally meant to cater to a wide variety of customers. Explicitly ask your service provider about security policy document, practice manual, disaster recovery options applicable specifically to your subscription. Also check the security certifications the service provider has. Look for ISO 27001, SSAE 16, PCI DSS 2.0, HIPAA compliance and any other industry specific certifications. More number of updated certifications adds credibility to the provider.

Transition in phases

It is the old golden rule. Irrespective of the number of applications, size of databases or servers it is always better to structure them in logical phases and move them to cloud in stages. This will ensure that any surprises are discovered early in the cycle and risks are minimized.

Do a vulnerability assessment

Do not bank entirely on contract terms even after you have moved an application or domain to the cloud. Involve a third party to conduct a thorough vulnerability assessment before going live and find out any existing vulnerabilities. Fix those vulnerabilities and conduct another round of tests. Proceed with go-live only when the risk is within an acceptable range.

Maintain a parallel run

You must not wind up your existing in-house setup immediately after going live. It is the most reliable backup and recovery option you have got. Depending on the size of application and criticality the in-house setup can co-exist anywhere from few weeks to few months. Even after that you can continue to use that as an in-house backup. Unlike cloud backup, this backup would be available under your direct custody.

Buy Cyber security Insurance

Even after taking all the precautions in the book things can go wrong. Just one lapse is what hackers require before they can walk away with your sensitive data or carry out a DDOS attack or worse inflict downtime. Explore a suitable cyber security insurance option which can mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. This has to be over and above any safeguards in-built into the contract with cloud service provider.

Remember there are different types of cloud service providers – some are really good while others aren’t. Also, your organizations’ need are specific and even to date there is no one-size-fits-all solution. At the end of the day you are responsible for your data and it’s better to be safe than sorry.

By Manoj Tiwari

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

One Response to Security Considerations While Moving To The Cloud

  1. Here’s another observation from Gartner, mentioned in a Rick Blaisdell http://bit.ly/1hq9ezW: “…organizations are more likely to have a policy
    against sharing sensitive data with their business partners than with
    their cloud provider.”–http://bit.ly/paul_calento

Comic
The Annual Compliance & Ethics Institute:  Hot Topics – Cyber Security, Big Data, Privacy Breach Response

The Annual Compliance & Ethics Institute: Hot Topics – Cyber Security, Big Data, Privacy Breach Response

Cyber Security, Big Data, Privacy Breach Response MINNEAPOLIS, Aug. 30, 2016 /PRNewswire-USNewswire/ — Cyber security, social media, modern slavery, anti-corruption, export controls and sanctions, and privacy top the list of “Hot Issues” compliance and ethics professionals face each day. These and many other compliance and ethics concerns will be addressed at the 2016 Compliance & Ethics…

Top 5 Digital Health Trends

Top 5 Digital Health Trends

Digital Health Trends It is very important to keep up with the changing technology. However, it is also just as important to advance the consumer experience, care delivery methods and create opportunities for career development for the healthcare workforce. Five trends that are proven to be effective in winning in the digital age have been…

Technological Advances In The Healthcare Industry

Technological Advances In The Healthcare Industry

The Healthcare Industry The use of smart devices in healthcare is expanding, and according to a report by Technavio the global smart wearable healthcare device and services market will show a compounded annual growth rate of over 18%. Thanks to modern medicine, lifespans are increasing, resulting in aging populations and a higher frequency of chronic…

How Secure Is Your School Campus Network?

How Secure Is Your School Campus Network?

School Networks School related networks are one of the most attacked sectors today, coming in third worldwide to healthcare and retail. Because of the ever growing threat of cybercrime, IT professionals everywhere aren’t thinking in terms of “what if our network gets attacked?” Now, they think in terms of “when will our network be attacked?”…

IBM and VMware Expand Partnership to Enable Easy Hybrid Cloud Adoption

IBM and VMware Expand Partnership to Enable Easy Hybrid Cloud Adoption

IBM and VMware Expand Partnership More than 500 new clients, including Marriott International are now running VMware software on IBM Cloud since the strategic cloud partnership was announced;Introduction of VMware Cloud Foundation on IBM Cloud helps move existing apps to the cloud within hours; More than 4,000 IBM service professionals trained to help organizations extend…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Which Is Better For Your Company: Cloud-Based or On-Premise ERP Deployment?

Which Is Better For Your Company: Cloud-Based or On-Premise ERP Deployment?

Cloud-Based or On-Premise ERP Deployment? You know how enterprise resource management (ERP) can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and…

Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies are retaining their existing, on-premise IT infrastructures while also embracing the latest cloud technologies. In fact, IDC predicts markets for such hybrid cloud environments will grow from the over $25 billion global market we saw…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…

5 Reasons Why Your Startup Will Grow Faster In The Cloud

5 Reasons Why Your Startup Will Grow Faster In The Cloud

Cloud Startup Fast-tracking Start-ups face many challenges, the biggest of which is usually managing growth. A start-up that does not grow is at constant risk of failure, whereas a new business that grows faster than expected may be hindered by operational constraints, such as a lack of staff, workspace and networks. It is an unfortunate…

The Storytelling Machine: Big Content and Big Data

The Storytelling Machine: Big Content and Big Data

Bridging The Gap Between Big Content and Big Data Advances in cloud computing, along with the big data movement, have transformed the business IT landscape. Leveraging the cloud, companies are now afforded on demand capacity and mobile accessibility to their business-critical systems and information. At the same time, the amount of structured and unstructured data…

Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications In A Hybrid Cloud Environment

Protecting Your Web Applications It’s no secret that organizations are embracing the cloud and all the benefits that it entails. Whether its cost savings, increased flexibility or enhanced productivity – businesses around the world are leveraging the cloud to scale their business and better serve their customers. They are using a variety of cloud solutions…

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud With the results of Cisco Global Could Index: 2013-2018 and Hosting and Cloud Study 2014, predictions for the future of cloud computing are notable. Forbes reported that spending on infrastructure-related services has increased as public cloud computing uptake spreads, and reflected on Gartner’s Public Cloud Services Forecast. The public cloud service…

Surprising Facts and Stats About The Big Data Industry

Surprising Facts and Stats About The Big Data Industry

Facts and Stats About The Big Data Industry If you start talking about big data to someone who is not in the industry, they immediately conjure up images of giant warehouses full of servers, staff poring over page after page of numbers and statistics, and some big brother-esque official sat in a huge government building…

The Internet of Things – Redefining The Digital World As We Know It

The Internet of Things – Redefining The Digital World As We Know It

Redefining The Digital World According to Internet World Stats (June 30th, 2015), no fewer than 3.2 billion people across the world now use the internet in one way or another. This means an incredible amount of data sharing through the utilization of API’s, Cloud platforms and inevitably the world of connected Things. The Internet of Things is a…