Vibhav Agarwal

Four Tips For Better Information Security In The Cloud

Information Security

Businesses are increasingly relying on cloud based application deployments and are open to entrusting their most critical data to it. Unlike the early days of cloud, now, there is wider acceptance that cloud-based data can be as secure as on premise and, in some cases, perhaps even more so. Nonetheless, this doesn’t mean businesses can be complacent about cloud security. Stringent governance, risk and compliance is needed to keep information secure.

There can be no doubt that the public cloud services market continues to grow. Gartner forecasts it will reach $204 billion in 2016 – a more than 16 percent growth on 2015. A RightScale survey revealed that Amazon Web Services are in use by over half of the questioned IT professionals and enterprise workloads continue to move to both public and private cloud with more enterprises now running more than 1,000 virtual machines. Furthermore, the survey revealed that security has now been overtaken by a lack of resources or expertise as the number one cloud challenge.

cloud-security-attacks-vendors

This last point is highly significant. What was once a detractor could soon be a reason for migrating to the cloud. Gartner has predicted that security will become a primary reason for cloud take-up by government; big players such as Amazon, Microsoft and Google, points out research director Neville Cannon are able to invest more than most government agencies in state-of-the-art security.

As information becomes a strategic and competitive asset for tomorrow’s digital organizations, information security will become a bigger business priority in the years to come, regardless of the infrastructure, applications and data storage options deployed. Digital organizations cannot afford the business and reputational damage of a leak, hack or loss of information. To protect and preserve business data and reputation when using the cloud, it is imperative that businesses get the following four aspects right:

1. Separation of data

While multi-tenancy has been the mainstream cloud architecture, isolation of client data and applications is an increasing imperative. Multi-instance is therefore gaining ground as a cloud storage solution that separates company data.

For cloud service providers, managing customer expectations around the segregation of sensitive data can be a challenge. Today’s businesses have a higher level of understanding when it comes to specific controls around data access, storage and retrieval and managing network stack requirements.

Happily, virtualization technology now enables complete applications to be encapsulated in a virtual container with performance preservation and security isolation. This makes achieving multi-instance architecture simpler. It also allows for significant gain in terms of economies of scale and cost while preserving the data segregation principle across customers.

2. Access

Robust identity management is essential for the business to retain control over the type of access its users have. This includes strictly enforced processes for managing updates within the organisation, such as personnel responsibility changes. Such changes can impact the data and applications that team members need access to – and those that they don’t.

security-concerns

The cloud service provider should be able to track who accesses what and when and provide this information for early intrusion detection. This is a basic requirement and as such a robust authentication and authorization framework compatible with single sign on and active directory is now the entry-level standard. Advanced identity management tools such as Cloud Access Security Broker (CASB) are also now available to ensure management of access control between on-premises and cloud applications.

3. Regulatory compliance and data protection

The General Data Protection Regulation (GDPR) comes into force in 2018 in the EU. This will impact how businesses use and share customer data. Yet a study by Blue Coat Elastica Cloud Threat Labs found that 98 percent of analyzed apps aren’t GDPR ready and, shockingly that 12 percent of ‘broadly shared documents and files contain regulated information and confidential data such as source code and legal information.’

The government-wide Federal Risk and Authorization Management Program (FedRAMP) has clearly defined considerations for storing data on cloud. Increasingly, compliance with the Federal Information Security Management Act (FISMA) is becoming mandatory to do business and industry specific compliances such as HIPAA are gaining ground.

Companies remain responsible for regulatory compliance regardless of whether they own and manage their own IT infrastructure and storage solutions or use the services of a cloud provider. Organizations need to be aware of the type of data they hold and all relevant compliance considerations that may apply to it, for example protected personal information and financial information.

While specific demonstrations of compliance vary according to the compliance ability, it needs to be clear within the cloud service provider agreement the measures that the provider has in place for compliance.

4. Business continuity management

As organizations become globalized and inter-dependent, their ability to continue business 24X7X365 is one of the essential needs. Hence, companies should insist on a business continuity plan and periodic test assessments from the cloud service provider. Generally, this is established practice, as is providing proof of business continuity exercises every quarter. SSAE16 certification – the auditing standard for service organizations – covers some part of this.

Cloud storage and applications provide compelling business benefits around cost savings, efficiency and collaborative working. Companies dependent on cloud service providers for the integrity and security of their data need to have complete confidence in their provider. This means shared and agreed risk management processes that will help preserve and protect the security of the company’s information and safeguard the integrity of its operations.

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website

CONTRIBUTORS

Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Financial Management Finds a Welcome Home in the Cloud

Financial Management Finds a Welcome Home in the Cloud

Cloud Based Financial Management The most cautious person in any organization is likely to be the CFO. After all, they’re ...
Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Multi-Instance vs. Multi-Tenant Architecture  The cloud is part of everything we do. It’s always there backing up our data, pictures, ...
How Big Data Can Empower Native Ads

How Big Data Can Empower Native Ads

Empower Native Ads The realm of big data is expanding an astonishing rate, and its presence can be felt across ...
As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use ...
What is shadow IT?

How to Make the Move to the Cloud Securely

Move to the Cloud Securely The 2016 Enterprise Cloud Computing Survey from IDG offers multiple interesting insights concerning the state ...
What’s Next In Cloud And Data Security For 2017?

What’s Next In Cloud And Data Security For 2017?

Cloud and Data Security It has been a tumultuous year in data privacy to say the least – we’ve had ...
The Rise Of BI Data And How To Use It Effectively

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the ...
Principles of an Effective Cybersecurity Strategy

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as ...
What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The ...

NEWS

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...