CLOUDTWEAKS DEMAND GENERATION

Each year we provide a few highly customized demand generation opportunities to partners and going into our 10th year at CloudTweaks is certainly no different. We are on the lookout for technology vendors to collaborate with on a number of initiatives in 2019. 

Sponsorship opportunities will be available for all budgets and sizes including the (premium) thought leadership exposure program or the webinar, podcast, white paper or explainer video lead generation program. 

Michelle Drolet

3 Keys To Keep Enterprise Clouds Secure

Keep Enterprise Clouds Secure

Outsourcing has won out over ownership, and the rush to the cloud continues to gather pace. Where security is concerned there are two major trends that threaten to expose your company to unnecessary risk. There’s a lack of planning and due diligence when choosing cloud providers, and there’s a murky grey area when it comes to responsibility. They can both be mitigated by building security planning into your system from the start, instead of trying to retro-fit.

enterprise-cloudThere are standards that can be applied to inform your planning, and help you to assess the maturity of your security model. The Cloud Controls Matrix (CCM) by the Cloud Security Alliance seeks to uncover a set of fundamental security principles that you can use to assess your prospective cloud providers, or, if you’re a cloud vendor, to guide your development and enable you to tick all those vital security boxes for customers.

Evaluating cloud provider security

When shopping for a cloud partner there’s a lot to consider and you should use something like the CCM to drill down into the details. Looking at the bigger picture, you need to address a lot of potential security risks.

Before you start to build out a security plan, probably drawing on your existing governance, risk and compliance processes, take time to analyze your data and identify all of your assets. Data classification and discovery is often overlooked and good security is about protecting everything, not just whatever is in your line of sight.

Ask any prospective cloud provider to produce detailed documentation on their setup. A complete set of terms should be hammered out in your Service Level Agreement (SLA) that covers every potential eventuality down the line. This will protect you and establish levels of responsibility. You should be clear on data encryption in transit and storage, compliance and legal exposure, levels of authentication, and what happens in the event of service breakdown.

It’s important to understand exactly what control you are ceding to an external party. Try to avoid the vendor lock-in that typically accompanies proprietary software, there are plenty of good applications and services out there that meet industry standards and deliver the functionality you need. You can also leverage more value from your existing tools and systems by investigating their security capabilities; you may find that you aren’t maximizing the potential of what you already have.

Consider how the system will be managed and how security incidents are handled. Is there a mechanism in place to detect and report security breaches? Without it, you simply don’t know how secure your system is.

Changing roles, who’s responsible for this?

Separate internal security teams are a thing of the past, those responsibilities are typically being infused within infrastructure and network administration roles. There’s a danger when this occurs that too much responsibility is being heaped onto already overburdened shoulders. Is the necessary expertise there? Are roles and responsibilities clearly defined? Do your internal employees have the mechanisms of control in place?

There could be an easy answer to this. If you’re prepared to outsource your data or application delivery and management, then why treat security any differently?  A dedicated external team with the correct expertise can own your security model and ensure that it meets high standards across the board, from compliance and governance, to privacy policy, auditing, data protection, and beyond.

Whether you need to adhere to ISO 27001/27002 or NIST compliance standards, you can bet that a dedicated external cloud security team working with these frameworks daily is going to have a better handle on them than internal staff with divided responsibilities. An external audit can document gaps in your system and give you a realistic snapshot of your risk. Before you can control and mitigate risks, you need to understand what they are.

Building a solid foundation

The shift to the cloud is not a one-off process, it’s a fluid evolution, and so establishing a model for your plan which can inform everything that comes later is important. You’re not looking to find that one perfect solution, you’re trying to adopt an approach and a set of standards that will ensure security beyond the horizon. Achieving a high level of security with your private or public cloud services and applications is easier and cheaper if you start right.

Make sure that boat is seaworthy before you launch, because finding and plugging leaks when you’re out in the middle of the ocean is asking for trouble.

Michelle-Drolet

By Michelle Drolet,

Michelle is the founder of Towerwall (www.towerwall.com) a data security services provider in Framingham, MA with clients such as PerkinElmer, Smith & Wesson, Middlesex Savings Bank, Brown University and SMBs. You may reach her at michelled@towerwall.com.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading brand and thought leadership exposure programs.

RESOURCES

Technology Certification Courses

Top Five Technology Certification Courses To Choose From In 2018

Technology Certification Courses Gartner predicts that the global public cloud services market is projected to grow by 55 percent in the next three years and is expected to reach $383.3 billion by the end of 2020. Today, cloud computing helps enterprises ...
12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help ...
Top 50 Cloud Hosting Services

Top 50 Cloud Hosting Services

The methodology behind our top 50 cloud list is based on several years of experience understanding and following who the key players are in the industry. Click to review the current top 50 and stay tuned for future discussion ...
10 Prototyping Tools To Help Build Your Startup

10 Prototyping Tools To Help Build Your Startup

Prototyping Tools We are continuing this week by focusing on startup tools, tips and tweaks that will help you build, design, manage and market your way into the cloud based business that you want to be. Last week we offered a ...
Network Management Software Buyer Guide 2018

Network Management Software Buyer Guide 2018

This concise data-driven report covers the Network Management software landscape, as of August 2018. he 24-page report includes: Market Overview - Top 10 Network Management products in 2018, User reviews and vendor size data, In-depth look at the Top 3 ...

CONTRIBUTORS

Istio 1.0: Making It Easier To Develop and Deploy Microservices

Istio 1.0: Making It Easier To Develop and Deploy Microservices

With the recent availability of Istio 1.0 it is not surprising that it continues to capture much attention from the ...
Want to dip your toe into the cloud? Challenges of a Large Migration

Want to dip your toe into the cloud? Challenges of a Large Migration

Challenges of a Large Migration Migrating to the cloud can be a daunting task. First you have to go through ...
Matthew Cleaver

Dispelling the Myths of Cloud Solutions for the Small Business

Dispelling the Myths of Cloud Solutions As a business leader, migrating to the cloud can be overwhelming due to the ...
Wearable Tech For Those With Disabilities: Shaping the Future

Wearable Tech For Those With Disabilities: Shaping the Future

Wearable Tech For Those With Disabilities Wearable tech is one of the most exciting aspects of the rapidly growing tech ...
The Cloud Has Your Data (Whether You Like It Or Not)

The Cloud Has Your Data (Whether You Like It Or Not)

Cloud Cleanup Anyone? Following on where we left off from my last two articles now we shift focus to what ...
The Cloud Debate - Private, Public, Hybrid or Multi Clouds?

The Cloud Debate – Private, Public, Hybrid or Multi Clouds?

The Cloud Debate Now that we've gotten over the hump of whether we should adopt the cloud or not, "which ...
Driving Transformation? It is possible to predict the future.

Driving Transformation? It is possible to predict the future.

Driving Transformation Previously, I wrote about the criticality of defining the Vision for your transformation - what is your real objective, how ...