Security and Cloud Hosting

When cloud hosting is properly managed and configured, this new shift in information technology is just as secure as non-virtualized or non-cloud environments.

The compelling benefits of cloud computing, ranging from lower capital outlay and reduced operating costs to unlimited bandwidth, storage, and “as needed” scalability, make it extremely popular. Cloud hosting has been growing exponentially by concentrating on greater security, visibility, and control. The biggest differentiator among cloud service providers is how they handle security, and therefore every business organization should demand that providers meet certain security benchmarks.

An organization needs to clearly define the type of services they will need to move into the cloud and decide on a timeline for migrating data. Will you need a private, public, or virtual cloud, and which will be the best match based on the services needed, costs, and security requirements?

Take inventory of your existing IT security practices and processes and gauge them against the cloud provider’s security. You might begin with how the cloud host segregates and isolates individual users. Some providers offer free benefits to protect applications by applying strict registration and validation processes. Others perform more deliberate monitoring. When the host states that data is deleted, is it really deleted? Who will be administering your data? Where will your data be stored?

Cloud Compliancy for Security

A Service Level Agreement (SLA) is generally accepted as a data security necessity. Understand the service provider’s responsibilities and guarantees. Get specifics regarding the IDS, IPS, firewalls, and other security applications and technology they have deployed. Make sure the provider’s infrastructure is protected from DoS attacks. For instance, under the Sarbanes-Oxley Act of 2002 regulations, the United States requires responsibility for data at all times. Check the results of recent audits and tests performed on the cloud host’s own infrastructure, such as SAS70 audits. Organizations need to know in which country their data is stored, since compliance regulations may preclude international locations. Cloud hosts should be able to supply an organization with the following:

    * What information is stored?
    * Where is the information stored?
    * Who can access the information?
    * What information can be accessed?
    * What proof is required for accessing information?

Cloud Platform Security

The cloud environment comes in three service formats, and each organization needs to figure out which one works best for them and which platform will create the most secure strategy for their data needs:

    * SaaS relies on a third-party cloud provider that takes complete responsibility for data security. Make sure this is included in the SLA. Any business should be aware of the firewalls and access controls in place, and be sure the physical security at the data center meets the requirements of the organization before entering into a contract.
    * PaaS delivers an organization’s custom applications on the provider’s OS and storage platform, and therefore the cloud host is responsible for security. The organization needs to know what security, data encryption, and patch management policies are in place.
    * IaaS is the most flexible of the cloud platforms and supplies a business with the tools to operate and control its own cloud-based services.
      Organizations need to work together with the hosts on mutual security tools. It is important to know who is responsible for the Intrusion Detection System (IDS) in the cloud, how it is deployed, and how an organization would be notified of attacks.

Security testing

Organizations should know how often security procedures are audited and should have the information needed to meet regulatory breach notification requirements (SLAs). Although rare, breaches and losses can happen in the cloud, and there should be plans for subsequent forensic investigations and security audits. Review the cloud provider’s own disaster recovery and be sure it aligns with the requirements of your business enterprise. Business continuity plans should also address compliance limitations.

Protect data at rest

Data kept in one place becomes an easy target. Even when it is encrypted, it is not always safe, so find out where your data will reside. If possible, perform a personal inspection of cloud service providers and look at the physical structure. Find out who has access to the data center. Are there armed guards, barbed wire, and other security safeguards?

Finding the right cloud host

The key for any organization is to be able to trust its cloud service provider and their infrastructure, so that the company’s need to assess security standards and to prove security compliance to auditors rests on viable measurement criteria. An organization needs to know that the cloud service provider is following security best practices and can pass regulatory audits. The service provider you choose should provide your organization with dynamic and regulatory reports that can inspire the confidence needed by auditors and customers alike.