3 Keys To Keep Enterprise Clouds Secure

3 Keys To Keep Enterprise Clouds Secure

3 Keys To Keep Enterprise Clouds Secure

Outsourcing has won out over ownership, and the rush to the cloud continues to gather pace. Where security is concerned there are two major trends that threaten to expose your company to unnecessary risk. There’s a lack of planning and due diligence when choosing cloud providers, and there’s a murky grey area when it comes to responsibility. They can both be mitigated by building security planning into your system from the start, instead of trying to retro-fit.

enterprise-cloudThere are standards that can be applied to inform your planning, and help you to assess the maturity of your security model. The Cloud Controls Matrix (CCM) by the Cloud Security Alliance seeks to uncover a set of fundamental security principles that you can use to assess your prospective cloud providers, or, if you’re a cloud vendor, to guide your development and enable you to tick all those vital security boxes for customers.

Evaluating cloud provider security

When shopping for a cloud partner there’s a lot to consider and you should use something like the CCM to drill down into the details. Looking at the bigger picture, you need to address a lot of potential security risks.

Before you start to build out a security plan, probably drawing on your existing governance, risk and compliance processes, take time to analyze your data and identify all of your assets. Data classification and discovery is often overlooked and good security is about protecting everything, not just whatever is in your line of sight.

Ask any prospective cloud provider to produce detailed documentation on their setup. A complete set of terms should be hammered out in your Service Level Agreement (SLA) that covers every potential eventuality down the line. This will protect you and establish levels of responsibility. You should be clear on data encryption in transit and storage, compliance and legal exposure, levels of authentication, and what happens in the event of service breakdown.

It’s important to understand exactly what control you are ceding to an external party. Try to avoid the vendor lock-in that typically accompanies proprietary software, there are plenty of good applications and services out there that meet industry standards and deliver the functionality you need. You can also leverage more value from your existing tools and systems by investigating their security capabilities; you may find that you aren’t maximizing the potential of what you already have.

Consider how the system will be managed and how security incidents are handled. Is there a mechanism in place to detect and report security breaches? Without it, you simply don’t know how secure your system is.

Changing roles, who’s responsible for this?

Separate internal security teams are a thing of the past, those responsibilities are typically being infused within infrastructure and network administration roles. There’s a danger when this occurs that too much responsibility is being heaped onto already overburdened shoulders. Is the necessary expertise there? Are roles and responsibilities clearly defined? Do your internal employees have the mechanisms of control in place?

There could be an easy answer to this. If you’re prepared to outsource your data or application delivery and management, then why treat security any differently?  A dedicated external team with the correct expertise can own your security model and ensure that it meets high standards across the board, from compliance and governance, to privacy policy, auditing, data protection, and beyond.

Whether you need to adhere to ISO 27001/27002 or NIST compliance standards, you can bet that a dedicated external cloud security team working with these frameworks daily is going to have a better handle on them than internal staff with divided responsibilities. An external audit can document gaps in your system and give you a realistic snapshot of your risk. Before you can control and mitigate risks, you need to understand what they are.

Building a solid foundation

The shift to the cloud is not a one-off process, it’s a fluid evolution, and so establishing a model for your plan which can inform everything that comes later is important. You’re not looking to find that one perfect solution, you’re trying to adopt an approach and a set of standards that will ensure security beyond the horizon. Achieving a high level of security with your private or public cloud services and applications is easier and cheaper if you start right.

Make sure that boat is seaworthy before you launch, because finding and plugging leaks when you’re out in the middle of the ocean is asking for trouble.

Michelle-Drolet

By Michelle Drolet,

Michelle is the founder of Towerwall (www.towerwall.com) a data security services provider in Framingham, MA with clients such as PerkinElmer, Smith & Wesson, Middlesex Savings Bank, Brown University and SMBs. You may reach her at michelled@towerwall.com.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Investing In The Future With The Introduction of Sage Cloud

Investing In The Future With The Introduction of Sage Cloud

CHICAGO, IL–(Marketwired – Jul 26, 2016) – Sage, a market leader in cloud accounting software, announced today at Sage Summit 2016 its strong commitment to future technologies, with a focus on new and existing partnerships that power business growth. Revealed during CEO Stephen Kelly’s keynote address, which opened the world’s largest gathering of entrepreneurs and…

2016 Tour de France: Racing With Big Data

2016 Tour de France: Racing With Big Data

2016 Tour de France The 2016 Tour de France has just concluded, with Chris Froome (SKY) taking his third overall win. Not the kind of event we often focus on here at CloudTweaks, but Dimension Data has put its analytics technology to use tracking the journeys of each rider across all 21 stages, and their…

Ransomware: A Digital Pandemic – Is There A Cure?

Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the…

Martech In A Content Crazed World

Martech In A Content Crazed World

Content Crazed World Everywhere you look there are pop-up ads and offers, at times it can feel like overload. What used to be a few online ads on websites has now grown into a wild world of offers that consume your every device. These advancements in marketing technology can not only be overwhelming to the…

Hubgets – Advanced Collaboration, Enriched Communication

Hubgets – Advanced Collaboration, Enriched Communication

Advanced Collaboration Tool Sponsored series provided in collaboration with Hubgets Collaboration tools have advanced leaps and bounds with the advent of cloud technology, and the services available are only getting better. Promising features such as sophisticated group communication, productive management of tasks and meetings, and the ultimate dream, working remotely from some gorgeous island destination, innovative collaboration…

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

Which Is Better For Your Company: Cloud-Based or On-Premise ERP Deployment?

Which Is Better For Your Company: Cloud-Based or On-Premise ERP Deployment?

Cloud-Based or On-Premise ERP Deployment? You know how enterprise resource management (ERP) can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Speed, flexibility, and innovation require multiple cloud services As businesses seek new paths to innovation, racing to market with new features and products, cloud services continue to grow in popularity. According to Gartner, 88% of total compute will be cloud-based by 2020, leaving just 12% on premise. Flexibility remains a key consideration, and…

Infographic: IoT Programming Essential Job Skills

Infographic: IoT Programming Essential Job Skills

Learning To Code As many readers may or may not know we cover a fair number of topics surrounding new technologies such as Big data, Cloud computing , IoT and one of the most critical areas at the moment – Information Security. The trends continue to dictate that there is a huge shortage of unfilled…

Teach Yourself The Cloud: Cloud Computing Knowledge In 5 Easy Steps

Teach Yourself The Cloud: Cloud Computing Knowledge In 5 Easy Steps

Teach Yourself The Cloud Learn how to get to grips with cloud computing in business  Struggling to get your head around the Cloud? Here are five easy ways you can improve your cloud knowledge and perhaps even introduce cloud systems into your business.  Any new technology can appear daunting, and cloud computing is no exception.…

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Chances are if you’re working for a startup or smaller company, you don’t have a robust IT department. You’d be lucky to even have a couple IT specialists. It’s not that smaller companies are ignoring the value and importance of IT, but with limited resources, they can’t afford to focus on anything…

Cloud Infographic – Disaster Recovery

Cloud Infographic – Disaster Recovery

Disaster Recovery Business downtime can be detrimental without a proper disaster recovery plan in place. Only 6% of businesses that experience downtime without a plan will survive long term. Less than half of all businesses that experience a disaster are likely to reopen their doors. There are many causes of data loss and downtime —…

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Recurring Revenue Business Metrics Recurring revenue is the secret sauce behind the explosive growth of powerhouses like Netflix and Uber. Unsurprisingly, recurring revenue is also quickly gaining ground in more traditional industries like healthcare and the automotive business. In fact, nearly half of U.S. businesses have adopted or are planning to adopt a recurring revenue model,…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…