CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

Vibhav Agarwal

Four Tips For Better Information Security In The Cloud

Information Security

Businesses are increasingly relying on cloud based application deployments and are open to entrusting their most critical data to it. Unlike the early days of cloud, now, there is wider acceptance that cloud-based data can be as secure as on premise and, in some cases, perhaps even more so. Nonetheless, this doesn’t mean businesses can be complacent about cloud security. Stringent governance, risk and compliance is needed to keep information secure.

There can be no doubt that the public cloud services market continues to grow. Gartner forecasts it will reach $204 billion in 2016 – a more than 16 percent growth on 2015. A RightScale survey revealed that Amazon Web Services are in use by over half of the questioned IT professionals and enterprise workloads continue to move to both public and private cloud with more enterprises now running more than 1,000 virtual machines. Furthermore, the survey revealed that security has now been overtaken by a lack of resources or expertise as the number one cloud challenge.

cloud-security-attacks-vendors

This last point is highly significant. What was once a detractor could soon be a reason for migrating to the cloud. Gartner has predicted that security will become a primary reason for cloud take-up by government; big players such as Amazon, Microsoft and Google, points out research director Neville Cannon are able to invest more than most government agencies in state-of-the-art security.

As information becomes a strategic and competitive asset for tomorrow’s digital organizations, information security will become a bigger business priority in the years to come, regardless of the infrastructure, applications and data storage options deployed. Digital organizations cannot afford the business and reputational damage of a leak, hack or loss of information. To protect and preserve business data and reputation when using the cloud, it is imperative that businesses get the following four aspects right:

1. Separation of data

While multi-tenancy has been the mainstream cloud architecture, isolation of client data and applications is an increasing imperative. Multi-instance is therefore gaining ground as a cloud storage solution that separates company data.

For cloud service providers, managing customer expectations around the segregation of sensitive data can be a challenge. Today’s businesses have a higher level of understanding when it comes to specific controls around data access, storage and retrieval and managing network stack requirements.

Happily, virtualization technology now enables complete applications to be encapsulated in a virtual container with performance preservation and security isolation. This makes achieving multi-instance architecture simpler. It also allows for significant gain in terms of economies of scale and cost while preserving the data segregation principle across customers.

2. Access

Robust identity management is essential for the business to retain control over the type of access its users have. This includes strictly enforced processes for managing updates within the organisation, such as personnel responsibility changes. Such changes can impact the data and applications that team members need access to – and those that they don’t.

security-concerns

The cloud service provider should be able to track who accesses what and when and provide this information for early intrusion detection. This is a basic requirement and as such a robust authentication and authorization framework compatible with single sign on and active directory is now the entry-level standard. Advanced identity management tools such as Cloud Access Security Broker (CASB) are also now available to ensure management of access control between on-premises and cloud applications.

3. Regulatory compliance and data protection

The General Data Protection Regulation (GDPR) comes into force in 2018 in the EU. This will impact how businesses use and share customer data. Yet a study by Blue Coat Elastica Cloud Threat Labs found that 98 percent of analyzed apps aren’t GDPR ready and, shockingly that 12 percent of ‘broadly shared documents and files contain regulated information and confidential data such as source code and legal information.’

The government-wide Federal Risk and Authorization Management Program (FedRAMP) has clearly defined considerations for storing data on cloud. Increasingly, compliance with the Federal Information Security Management Act (FISMA) is becoming mandatory to do business and industry specific compliances such as HIPAA are gaining ground.

Companies remain responsible for regulatory compliance regardless of whether they own and manage their own IT infrastructure and storage solutions or use the services of a cloud provider. Organizations need to be aware of the type of data they hold and all relevant compliance considerations that may apply to it, for example protected personal information and financial information.

While specific demonstrations of compliance vary according to the compliance ability, it needs to be clear within the cloud service provider agreement the measures that the provider has in place for compliance.

4. Business continuity management

As organizations become globalized and inter-dependent, their ability to continue business 24X7X365 is one of the essential needs. Hence, companies should insist on a business continuity plan and periodic test assessments from the cloud service provider. Generally, this is established practice, as is providing proof of business continuity exercises every quarter. SSAE16 certification – the auditing standard for service organizations – covers some part of this.

Cloud storage and applications provide compelling business benefits around cost savings, efficiency and collaborative working. Companies dependent on cloud service providers for the integrity and security of their data need to have complete confidence in their provider. This means shared and agreed risk management processes that will help preserve and protect the security of the company’s information and safeguard the integrity of its operations.

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website
The Lighter Side Of The Cloud - YTF
The Lighter Side Of The Cloud - Engine Troubles
The Lighter Side Of The Cloud - Snowball Effect
The Democratization of Business Software Technology

The Democratization of Business Software Technology

Democratization of Software Advances in the cloud have changed the way we interact with the world. From how we pay ...
Cloud’s Mighty Role - Why Custom Development is the Next Big Thing (Again)

Cloud’s Mighty Role – Why Custom Development is the Next Big Thing (Again)

Custom Development is the Next Big Thing Today, software is playing a very important role in performing basic business processes ...
Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices With workplace mobility now a way of life and companies investing in cloud-based ...
Combatting Malware in the Cloud Requires a New Way of Thinking

Combatting Malware in the Cloud Requires a New Way of Thinking

Malware in the Cloud It’s no secret that cloud adoption has exploded in the enterprise over last few years. However, ...
Four Cloud Security Mega Trends

Four Cloud Security Mega Trends

Cloud Security Trends Last year was a big year for the cloud. Cloud adoption continued to grow at a rapid ...
Built to Last: Choosing the Right Infrastructure Partner for Your Game

Built to Last: Choosing the Right Infrastructure Partner for Your Game

Choosing the Right Infrastructure Partner There are millions of gamers around the globe, and according to gaming market research firm ...
Want to dip your toe into the cloud? Challenges of a Large Migration

Want to dip your toe into the cloud? Challenges of a Large Migration

Challenges of a Large Migration Migrating to the cloud can be a daunting task. First you have to go through ...
Technology Certification Courses

Top Five Technology Certification Courses To Choose From In 2018

Technology Certification Courses Gartner predicts that the global public cloud services market is projected to grow by 55 percent in the next three years and is expected to reach $383.3 billion by the end of 2020. Today, cloud computing helps enterprises ...
8 Cloud Characteristics Every ERP System Needs

8 Cloud Characteristics Every ERP System Needs

ERP System Cloud-based ERP systems offer many benefits to a growing organization. And those benefits are catching on in a big way in recent years. In fact, according to the RightScale State of the Cloud 2016 Survey, which has collected ...
The Developer’s Guide to Azure

The Developer’s Guide to Azure

Develop on a cloud platform designed for you. In this update of the Developer’s Guide to Azure, see how the comprehensive set of Azure app platform services fits your needs. Use it to navigate the architectural approaches and most common ...
HTML5 Speed Test

HTML5 Speed Test

HTML5 SPEED TEST SERVICES There is no made-for-all solution when it comes to optimizing a website for speed, and while putting a cloud platform in place is a good start, every cloud startup should ensure that they have an optimization ...
Top 10 Machine Learning Algorithms

Top 10 Machine Learning Algorithms to Know

Top 10 Machine Learning Algorithms Modern advancements in Artificial Intelligence (AI) are set to change our world for the better. These developments have largely been made possible due to technologies such as cloud sharing, data analytics, blockchain, and improved computing ...
Business Analytics Vs Data Science

Business Analytics Vs Data Science

Big Data Continues To Grow Big Data continues to be a much discussed topic of interest and for good reason.  According to a recent report from International Data Corporation (IDC), "worldwide revenues for big data and business analytics will grow ...