Vibhav Agarwal

Four Tips For Better Information Security In The Cloud

Information Security

Businesses are increasingly relying on cloud based application deployments and are open to entrusting their most critical data to it. Unlike the early days of cloud, now, there is wider acceptance that cloud-based data can be as secure as on premise and, in some cases, perhaps even more so. Nonetheless, this doesn’t mean businesses can be complacent about cloud security. Stringent governance, risk and compliance is needed to keep information secure.

There can be no doubt that the public cloud services market continues to grow. Gartner forecasts it will reach $204 billion in 2016 – a more than 16 percent growth on 2015. A RightScale survey revealed that Amazon Web Services are in use by over half of the questioned IT professionals and enterprise workloads continue to move to both public and private cloud with more enterprises now running more than 1,000 virtual machines. Furthermore, the survey revealed that security has now been overtaken by a lack of resources or expertise as the number one cloud challenge.


This last point is highly significant. What was once a detractor could soon be a reason for migrating to the cloud. Gartner has predicted that security will become a primary reason for cloud take-up by government; big players such as Amazon, Microsoft and Google, points out research director Neville Cannon are able to invest more than most government agencies in state-of-the-art security.

As information becomes a strategic and competitive asset for tomorrow’s digital organizations, information security will become a bigger business priority in the years to come, regardless of the infrastructure, applications and data storage options deployed. Digital organizations cannot afford the business and reputational damage of a leak, hack or loss of information. To protect and preserve business data and reputation when using the cloud, it is imperative that businesses get the following four aspects right:

1. Separation of data

While multi-tenancy has been the mainstream cloud architecture, isolation of client data and applications is an increasing imperative. Multi-instance is therefore gaining ground as a cloud storage solution that separates company data.

For cloud service providers, managing customer expectations around the segregation of sensitive data can be a challenge. Today’s businesses have a higher level of understanding when it comes to specific controls around data access, storage and retrieval and managing network stack requirements.

Happily, virtualization technology now enables complete applications to be encapsulated in a virtual container with performance preservation and security isolation. This makes achieving multi-instance architecture simpler. It also allows for significant gain in terms of economies of scale and cost while preserving the data segregation principle across customers.

2. Access

Robust identity management is essential for the business to retain control over the type of access its users have. This includes strictly enforced processes for managing updates within the organisation, such as personnel responsibility changes. Such changes can impact the data and applications that team members need access to – and those that they don’t.


The cloud service provider should be able to track who accesses what and when and provide this information for early intrusion detection. This is a basic requirement and as such a robust authentication and authorization framework compatible with single sign on and active directory is now the entry-level standard. Advanced identity management tools such as Cloud Access Security Broker (CASB) are also now available to ensure management of access control between on-premises and cloud applications.

3. Regulatory compliance and data protection

The General Data Protection Regulation (GDPR) comes into force in 2018 in the EU. This will impact how businesses use and share customer data. Yet a study by Blue Coat Elastica Cloud Threat Labs found that 98 percent of analyzed apps aren’t GDPR ready and, shockingly that 12 percent of ‘broadly shared documents and files contain regulated information and confidential data such as source code and legal information.’

The government-wide Federal Risk and Authorization Management Program (FedRAMP) has clearly defined considerations for storing data on cloud. Increasingly, compliance with the Federal Information Security Management Act (FISMA) is becoming mandatory to do business and industry specific compliances such as HIPAA are gaining ground.

Companies remain responsible for regulatory compliance regardless of whether they own and manage their own IT infrastructure and storage solutions or use the services of a cloud provider. Organizations need to be aware of the type of data they hold and all relevant compliance considerations that may apply to it, for example protected personal information and financial information.

While specific demonstrations of compliance vary according to the compliance ability, it needs to be clear within the cloud service provider agreement the measures that the provider has in place for compliance.

4. Business continuity management

As organizations become globalized and inter-dependent, their ability to continue business 24X7X365 is one of the essential needs. Hence, companies should insist on a business continuity plan and periodic test assessments from the cloud service provider. Generally, this is established practice, as is providing proof of business continuity exercises every quarter. SSAE16 certification – the auditing standard for service organizations – covers some part of this.

Cloud storage and applications provide compelling business benefits around cost savings, efficiency and collaborative working. Companies dependent on cloud service providers for the integrity and security of their data need to have complete confidence in their provider. This means shared and agreed risk management processes that will help preserve and protect the security of the company’s information and safeguard the integrity of its operations.

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website


The Paradox of Colocation Solutions

The Paradox of Colocation Solutions

Colocation Solutions According to Aberdeen Group and Ventana Research, one out of four enterprises surveyed expect their data to grow ...
IT Service Management Strategy

Automation and the IT Service Management Strategy

IT Service Management Strategy It’s true. The full potential of automation cannot be fully realized until it is informed and ...
The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing ...
blcokchain contributor

Cryptographic Key Generation – It’s Time To Pay Attention

Cryptographic Key Generation When we think about cryptographic keys, we tend to think about closely guarded secrets. Keys are the only ...
Four FinTech Trends To Look Out For

Four FinTech Trends To Look Out For

FinTech Trends The fintech industry witnessed an enormous growth in 2015. Around $7.6 billion were invested in fintech companies last ...
What Is A Hybrid Cloud? Deconstructing Its Two Components

What Is A Hybrid Cloud? Deconstructing Its Two Components

What Is A Hybrid Cloud? With the emergence of cloud-computing technology comes the addition of new terminology. The terms public ...


Rackspace Extends Managed Security to Google Cloud Platform

Rackspace Extends Managed Security to Google Cloud Platform

SAN ANTONIO, March 21, 2018 (GLOBE NEWSWIRE) -- Rackspace® announced today that Managed Security and Compliance Assistance for Google Cloud Platform (GCP) is now available for preview to new and existing customers that use Rackspace Managed Services for GCP ...
Google classroom

Helping G Suite customers stay secure with new proactive phishing protections and management controls

Security tools are only effective at stopping threats if they are deployed and managed at scale, but getting everyone in your organization to adopt these tools ultimately hinges on how easy they are to use ...
Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

Gartner Says Worldwide IoT Security Spending Will Reach $1.5 Billion in 2018

By 2021, Regulatory Compliance Will Become the Prime Influencer for IoT Security Uptake Internet of Things (IoT)-based attacks are already a reality. A recent CEB, now Gartner, survey found that nearly 20 percent of organizations ...
BMW raises R&D spending for electric, autonomous cars

BMW raises R&D spending for electric, autonomous cars

Munich (Reuters) - German carmaker BMW (BMWG.DE) will increase research and development (R&D) spending to an all-time high of up to 7 billion euros ($8.6 billion) this year as part of efforts to bring 25 ...
Providers Benchmark Report: Cloud Spectator Releases Annual Top 10 Cloud IaaS

Providers Benchmark Report: Cloud Spectator Releases Annual Top 10 Cloud IaaS

Significant differences persist with price-performance across Public Clouds BOSTON, MA, March 20, 2018 — Cloud Spectator, the industry’s leading benchmarking and cloud consulting firm, today released its 2018 Top 10 Cloud IaaS Price-Performance Benchmark Report ...
Where's Zuck? Facebook CEO silent as data harvesting scandal unfolds

Where’s Zuck? Facebook CEO silent as data harvesting scandal unfolds

Amid calls for investigation and a #DeleteFacebook campaign, company releases an official statement but its figurehead keeps quiet The chief executive of Facebook, Mark Zuckerberg, has remained silent over the more than 48 hours since ...