The Lighter Side Of The Cloud – Drop Zone
The Lighter Side Of The Cloud – Synchronization
The Lighter Side Of The Cloud – Cloud Architecture
3 Keys To Keep Enterprise Clouds Secure

3 Keys To Keep Enterprise Clouds Secure

3 Keys To Keep Enterprise Clouds Secure

Outsourcing has won out over ownership, and the rush to the cloud continues to gather pace. Where security is concerned there are two major trends that threaten to expose your company to unnecessary risk. There’s a lack of planning and due diligence when choosing cloud providers, and there’s a murky grey area when it comes to responsibility. They can both be mitigated by building security planning into your system from the start, instead of trying to retro-fit.

enterprise-cloudThere are standards that can be applied to inform your planning, and help you to assess the maturity of your security model. The Cloud Controls Matrix (CCM) by the Cloud Security Alliance seeks to uncover a set of fundamental security principles that you can use to assess your prospective cloud providers, or, if you’re a cloud vendor, to guide your development and enable you to tick all those vital security boxes for customers.

Evaluating cloud provider security

When shopping for a cloud partner there’s a lot to consider and you should use something like the CCM to drill down into the details. Looking at the bigger picture, you need to address a lot of potential security risks.

Before you start to build out a security plan, probably drawing on your existing governance, risk and compliance processes, take time to analyze your data and identify all of your assets. Data classification and discovery is often overlooked and good security is about protecting everything, not just whatever is in your line of sight.

Ask any prospective cloud provider to produce detailed documentation on their setup. A complete set of terms should be hammered out in your Service Level Agreement (SLA) that covers every potential eventuality down the line. This will protect you and establish levels of responsibility. You should be clear on data encryption in transit and storage, compliance and legal exposure, levels of authentication, and what happens in the event of service breakdown.

It’s important to understand exactly what control you are ceding to an external party. Try to avoid the vendor lock-in that typically accompanies proprietary software, there are plenty of good applications and services out there that meet industry standards and deliver the functionality you need. You can also leverage more value from your existing tools and systems by investigating their security capabilities; you may find that you aren’t maximizing the potential of what you already have.

Consider how the system will be managed and how security incidents are handled. Is there a mechanism in place to detect and report security breaches? Without it, you simply don’t know how secure your system is.

Changing roles, who’s responsible for this?

Separate internal security teams are a thing of the past, those responsibilities are typically being infused within infrastructure and network administration roles. There’s a danger when this occurs that too much responsibility is being heaped onto already overburdened shoulders. Is the necessary expertise there? Are roles and responsibilities clearly defined? Do your internal employees have the mechanisms of control in place?

There could be an easy answer to this. If you’re prepared to outsource your data or application delivery and management, then why treat security any differently?  A dedicated external team with the correct expertise can own your security model and ensure that it meets high standards across the board, from compliance and governance, to privacy policy, auditing, data protection, and beyond.

Whether you need to adhere to ISO 27001/27002 or NIST compliance standards, you can bet that a dedicated external cloud security team working with these frameworks daily is going to have a better handle on them than internal staff with divided responsibilities. An external audit can document gaps in your system and give you a realistic snapshot of your risk. Before you can control and mitigate risks, you need to understand what they are.

Building a solid foundation

The shift to the cloud is not a one-off process, it’s a fluid evolution, and so establishing a model for your plan which can inform everything that comes later is important. You’re not looking to find that one perfect solution, you’re trying to adopt an approach and a set of standards that will ensure security beyond the horizon. Achieving a high level of security with your private or public cloud services and applications is easier and cheaper if you start right.

Make sure that boat is seaworthy before you launch, because finding and plugging leaks when you’re out in the middle of the ocean is asking for trouble.

Michelle-Drolet

By Michelle Drolet,

Michelle is the founder of Towerwall (www.towerwall.com) a data security services provider in Framingham, MA with clients such as PerkinElmer, Smith & Wesson, Middlesex Savings Bank, Brown University and SMBs. You may reach her at michelled@towerwall.com.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Popular

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at least one cloud-based application.…

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter

Using Big Data To Make Cities Smarter The city of the future is impeccably documented. Sensors are used to measure air quality, traffic patterns, and crowd movement. Emerging neighborhoods are quickly recognized, public safety threats are found via social networks, and emergencies are dealt with quicklier. Crowdsourcing reduces commuting times, provides people with better transportation…

Cloud-Based VOIP – 4 Alternatives To Skype

Cloud-Based VOIP – 4 Alternatives To Skype

Cloud-Based VOIP – 4 Alternatives To Skype Skype is the most popular cloud-based VOIP service. Since being bought out by Microsoft for $8.5 billion in 2011 the company has grown to more than 300 million users and now accounts for 34% of all international calls. Some people don’t want to use Skype though. Reports of…

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

Forrester Releases Its “15 Emerging Technologies To Watch Before 2020” Report

15 Emerging Technologies To Watch Before 2020 The cloud, big data, the internet of things, and wearable technology have all featured heavily in Forrester’s latest list of fifteen technologies to watch before 2020. It is becoming a reality for businesses that they need to adapt and change to an increasingly technologically-minded customer base. Traditional marketing…

Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration – 10 ‘Do it Right’ Tips Businesses continue to adopt the cloud at break neck speed. Inherent benefits like lower operational costs, no infrastructure overheads, and quick access to better technology make cloud a very attractive proposition for businesses, especially start-ups and SMEs. However moving from legacy to the cloud environment has its…

Recent

Thinking About Doing Business In China? Consider This…

Thinking About Doing Business In China? Consider This…

Doing Business in China? Consider This…  China’s economy continues to outperform both regional and global markets with double-digit growth for the last decade. IDC believes China’s GDP will maintain growth around 7.2% until 2020, allowing GDP to reach US$18 trillion or 17% of the world total. And with a population of over 1.35 billion people,…

Big Tech Trends For The 21st Century

Big Tech Trends For The 21st Century

Tech Trends For The 21st Century When the historians of the future look back on the 21st century, what will they say? Inevitably, the biggest stories in the coming century will be political and environmental – wars, revolutions, and natural disasters always dominate historical memory. But perhaps more than any previous epoch, the 21st century…

The Lighter Side Of The Cloud – Inferiority Complex

The Lighter Side Of The Cloud – Inferiority Complex

By Al Johnson Are you looking to supercharge your Newsletter, Powerpoint presentation, Social media campaign or Website? Our universally recognized tech related comics can help you. Contact us for information on our commercial licensing rates. About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information.…

Sponsored Posts

From C:\Prompt To CYOD – The Timely Shift To Desktop as a Service

From C:\Prompt To CYOD – The Timely Shift To Desktop as a Service

The Timely Shift to Desktop as a Service There may be some colleagues lurking within any given workforce who remember what a C:\> prompt meant. Much like the ring from Middle Earth, it had the power to make things happen. Desktop computers at that time were large grey beasts, with their only wired connection being…

Contact Us

Sending
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising