Vibhav Agarwal

Four Tips For Better Information Security In The Cloud

Information Security

Businesses are increasingly relying on cloud based application deployments and are open to entrusting their most critical data to it. Unlike the early days of cloud, now, there is wider acceptance that cloud-based data can be as secure as on premise and, in some cases, perhaps even more so. Nonetheless, this doesn’t mean businesses can be complacent about cloud security. Stringent governance, risk and compliance is needed to keep information secure.

There can be no doubt that the public cloud services market continues to grow. Gartner forecasts it will reach $204 billion in 2016 – a more than 16 percent growth on 2015. A RightScale survey revealed that Amazon Web Services are in use by over half of the questioned IT professionals and enterprise workloads continue to move to both public and private cloud with more enterprises now running more than 1,000 virtual machines. Furthermore, the survey revealed that security has now been overtaken by a lack of resources or expertise as the number one cloud challenge.

cloud-security-attacks-vendors

This last point is highly significant. What was once a detractor could soon be a reason for migrating to the cloud. Gartner has predicted that security will become a primary reason for cloud take-up by government; big players such as Amazon, Microsoft and Google, points out research director Neville Cannon are able to invest more than most government agencies in state-of-the-art security.

As information becomes a strategic and competitive asset for tomorrow’s digital organizations, information security will become a bigger business priority in the years to come, regardless of the infrastructure, applications and data storage options deployed. Digital organizations cannot afford the business and reputational damage of a leak, hack or loss of information. To protect and preserve business data and reputation when using the cloud, it is imperative that businesses get the following four aspects right:

1. Separation of data

While multi-tenancy has been the mainstream cloud architecture, isolation of client data and applications is an increasing imperative. Multi-instance is therefore gaining ground as a cloud storage solution that separates company data.

For cloud service providers, managing customer expectations around the segregation of sensitive data can be a challenge. Today’s businesses have a higher level of understanding when it comes to specific controls around data access, storage and retrieval and managing network stack requirements.

Happily, virtualization technology now enables complete applications to be encapsulated in a virtual container with performance preservation and security isolation. This makes achieving multi-instance architecture simpler. It also allows for significant gain in terms of economies of scale and cost while preserving the data segregation principle across customers.

2. Access

Robust identity management is essential for the business to retain control over the type of access its users have. This includes strictly enforced processes for managing updates within the organisation, such as personnel responsibility changes. Such changes can impact the data and applications that team members need access to – and those that they don’t.

security-concerns

The cloud service provider should be able to track who accesses what and when and provide this information for early intrusion detection. This is a basic requirement and as such a robust authentication and authorization framework compatible with single sign on and active directory is now the entry-level standard. Advanced identity management tools such as Cloud Access Security Broker (CASB) are also now available to ensure management of access control between on-premises and cloud applications.

3. Regulatory compliance and data protection

The General Data Protection Regulation (GDPR) comes into force in 2018 in the EU. This will impact how businesses use and share customer data. Yet a study by Blue Coat Elastica Cloud Threat Labs found that 98 percent of analyzed apps aren’t GDPR ready and, shockingly that 12 percent of ‘broadly shared documents and files contain regulated information and confidential data such as source code and legal information.’

The government-wide Federal Risk and Authorization Management Program (FedRAMP) has clearly defined considerations for storing data on cloud. Increasingly, compliance with the Federal Information Security Management Act (FISMA) is becoming mandatory to do business and industry specific compliances such as HIPAA are gaining ground.

Companies remain responsible for regulatory compliance regardless of whether they own and manage their own IT infrastructure and storage solutions or use the services of a cloud provider. Organizations need to be aware of the type of data they hold and all relevant compliance considerations that may apply to it, for example protected personal information and financial information.

While specific demonstrations of compliance vary according to the compliance ability, it needs to be clear within the cloud service provider agreement the measures that the provider has in place for compliance.

4. Business continuity management

As organizations become globalized and inter-dependent, their ability to continue business 24X7X365 is one of the essential needs. Hence, companies should insist on a business continuity plan and periodic test assessments from the cloud service provider. Generally, this is established practice, as is providing proof of business continuity exercises every quarter. SSAE16 certification – the auditing standard for service organizations – covers some part of this.

Cloud storage and applications provide compelling business benefits around cost savings, efficiency and collaborative working. Companies dependent on cloud service providers for the integrity and security of their data need to have complete confidence in their provider. This means shared and agreed risk management processes that will help preserve and protect the security of the company’s information and safeguard the integrity of its operations.

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website
GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
Is 2018 the Tipping Point in Digital Transformation?

Is 2018 the Tipping Point in Digital Transformation?

“Survival, in the cool economics of biology, means simply the persistence of one’s own genes in the generations to follow.” —Lewis ...
Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the ...
How Machine Learning Quantifies Trust & Improves Employee Experiences

How Machine Learning Quantifies Trust & Improves Employee Experiences

Machine Learning Quantifies Trust Bottom Line: By enabling enterprises to scale security with user behavior-based, contextual intelligence, Next-Gen Access strategies are ...
SD Wan Speeds

Debunking some common SD WAN myths

Common SD WAN Myths There are few buzzwords in the networking world as current as ‘SD WAN’ – and depending ...
IoT Security Intel

Cyber IoT Security: McAfee on Threats and Autonomous Cars

IoT Security Autonomous cars are just around the corner, there have been IoT security controversies surrounding their safety, and a ...
Worldwide Cloud IT Infrastructure Revenues Continue to Grow by Double Digits in the First Quarter of 2018

Worldwide Cloud IT Infrastructure Revenues Continue to Grow by Double Digits in the First Quarter of 2018

FRAMINGHAM, Mass., June 21, 2018 – According to the International Data Corporation (IDC) Worldwide Quarterly Cloud IT Infrastructure Tracker, vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and ...
AT&T Unveils $15-a-Month Video Service

AT&T Unveils $15-a-Month Video Service

Wireless company’s fees for programmers would depart from industry practice AT&T Inc. T -1.20% on Thursday unveiled a new video service, called WatchTV, that aims to use a “skinny bundle” of channels to recapture some ...
AI Storms Top Supercomputing Show – NVIDIA Brings Talks, Training, Demos, and More to ISC

AI Storms Top Supercomputing Show – NVIDIA Brings Talks, Training, Demos, and More to ISC

This is what smart people do for fun. Detecting gravitational waves millions of light years away, in real time. Powering computationally fast quantum mechanical simulations at high accuracy and low cost. Proving the feasibility of ...