RANSOMWARE TRACKING MAPS

Recent problems experienced with Ransomware are evident from infections, which have occurred in 99 countries including China and Russia. The organization that was worst hit by the attack was the National Health Service in England. It was reported that there was a WannaCry programme that demanded...

How Can We Secure Mixed-Cloud Environments?

How Can We Secure Mixed-Cloud Environments?

There is no doubt as to the benefits that cloud computing brings to businesses around the world. But there is also no question that security is one of the most immediate concerns when moving from local, in-house IT solutions to cloud-based solutions. Businesses tend to mix and match different cloud solutions from multiple vendors in order to satisfy business needs. This leads to a not-so-healthy mix of cloud solutions, platforms and data variations. Securing cloud environments is already complicated and challenging enough, and mixing different solutions only serves to worsen the situation to the point that it can get out of hand. However, this approach will continue to become more common because of the ever-changing business environment, and because cloud service providers are constantly evolving their solutions in order to cope with skyrocketing competition. This leads to a juggling and cannibalism of clients among competitors.

So, the big question is what will constitute an effective strategy to secure all these mixed-cloud environments when an organization decides to build a private cloud to enhance existing IT services, employ third-party vendors for other cloud solution needs, or even invest in an SaaS or PaaS in order to cut down on software solution costs. We examine some ways to secure mixed-cloud environments.

  • Focus on the data. First and foremost, it is very important to be data-centric when thinking about security in the cloud. You must always be aware of where your data is, and of who handles it. A mixed-cloud environment will make this complicated, but companies are coping with this with the help of something called, “rules as a service”. There is also an extra challenge when data from different environments is being combined for the purpose of analytics. The resulting new form of data may trigger a series of regulatory controls and restrictions along with potential privacy concerns. So, being data-centric in security would mean that it is critical to focus on data and service classification to determine which data to deploy on the cloud. Organizations should have sound technical policy control definitions based on data classification and user authorization.
  • Look at the broader ecosystem. Companies must see the bigger picture and consider the complete mix of their mobile, social and cloud environments. Most companies implement their cloud solutions over time, which results in fragmentation – this simply will not do. It is imperative that security controls work and reflect all of the environments that the company might have. So, look to the long term and consider all the cloud environments you need before even implementing one, no matter how far off the implementation of others might be.
  • Create a road map of which security requirements need to be in place, based on the environment that you will be implementing. This road map is necessary and must be used as a checklist or questionnaire for new systems when you consider the service providers, tools, and infrastructure you plan to implement.
  • Learn from those who have gone before you. You are not the only one who has come across the problem and most probably not the first. There will always be others who have encountered and solved this problem already; so, learn from their mistakes and adapt their solutions. The service providers you will be considering will probably have experience in this aspect – work with them in planning your security requirements.

By Abdul Salam

About CloudBuzz

Daily tech news snapshots and insights from around the world...

SYNDICATED NEWS SOURCES

Cloudflare Announces Unmetered Mitigation to Make Attacks a Thing of the Past

By CloudBuzz | September 25, 2017

Eliminates “surge pricing” that had been standard in the DDoS mitigation space SAN FRANCISCO, Sept. 25, 2017 (GLOBE NEWSWIRE) — Cloudflare, the leading Internet performance and security company, today announced Unmetered Mitigation, giving customers unlimited and unmetered distributed denial-of-service (DDoS) attack…

IDC – Cognitive and Artificial Intelligence Systems to Reach $57.6 Billion in 2021

By CloudBuzz | September 25, 2017

IDC Spending Guide Forecasts Worldwide Spending on Cognitive and Artificial Intelligence Systems to Reach $57.6 Billion in 2021 FRAMINGHAM, Mass., September 25, 2017 – Worldwide spending on cognitive and artificial intelligence (AI) systems is forecast to reach $57.6 billion in 2021,…

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit to Help Cybersecurity Pros Securely Harness Cloud Technologies

By CloudBuzz | September 22, 2017

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit Research cites strengthening of cloud security skills top priority over next three years CLEARWATER, Fla. ,Sept. 22, 2017 /PRNewswire-USNewswire/ — (ISC)² today announced it’s partnering with the Cloud Security Alliance (CSA) for the CSA…

Exclusive: T-Mobile, Sprint close to agreeing deal terms – Sources

By CloudBuzz | September 22, 2017

(Reuters) – T-Mobile US Inc (TMUS.O) is close to agreeing tentative terms on a deal to merge with peer Sprint Corp (S.N), people familiar with the matter said, a major breakthrough in efforts to merge the third and fourth largest…

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

By CloudBuzz | September 21, 2017

Servers Expose Over 1 Billion Records As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making…