Backup Collaboration Mobile Security Storage Strategy Virtualisation
Privacy

Current Filter: Cloud>>>>>>

Key Word Search Filter within Articles: A picture of health

PREVIOUS

Filtered Articles:1 of 1   Current Article ID:5897

NEXT



The three-step plan to cloud security

Editorial Type: Opinion     Date: 09-2015    Views: 3233      












Chris Pace, head of product marketing at Wallix, suggests three security questions that cloud service providers should expect to hear from any business expanding or adopting cloud services

As cloud adoption accelerates with more and more businesses moving increasing amounts - and types - of data to hosted services, there’s no question that the biggest barrier to migration continues to be security. In a recent report, Forrester has estimated that firms are already spending $282m on cloud security and predicts this will rise to $2bn within five years. The root of these perceived risks are legitimate concerns about data loss, as well as the need to be able to prove compliance with increasing regulations across numerous industry verticals.

Having the knowledge and technical capability to address these will help to reassure businesses, enabling them to realise benefits such as cost reduction, flexibility and scalability. These organisations are prepared to balance the savings they can make in the cloud against investing in the security needed to protect their data.

1. What do you know about our compliance requirements?
Today it’s crucial for almost every kind of enterprise to not just implement robust information security technologies but also to be able to prove that they’re in place. In truth, the basis of most compliance regulations really are common sense security practices. Many businesses are less keen to move data and systems that fall under compliance requirements into the cloud as there is a widely held notion that on-premise is more secure and migration of these systems inherently more complex.

You’ll need to work to convince them of your expertise not just in providing the architecture that’s required for their migration but also that you have an understanding of data protection and threat intrusion technologies. If you’re able to invest in time for maintaining systems or deploying the latest technologies you may be able to convince them that data is at greater risk on-premise than being managed by a dedicated and security-aware cloud provider.

2. What about controlling and managing access?
Organisations that plan on working with a cloud provider to supply infrastructure will recognise that there is now the potential for many more individuals to be accessing their systems and data. For those investing in a completely managed service their focus will be on ensuring they have a way to see who’s accessing that service and what actions they’re taking.

If their intention is to use the cloud for IaaS or PaaS then their primary concern will be to control access for administration, not just for you as their cloud provider, but also for their own teams. Businesses realise that putting systems into the cloud could be their opportunity to begin to properly manage access for privileged users. You have an opportunity to reassure them of your capability to make that happen, to create an environment where only those who need access to systems get it when they need it, and where no local passwords are known or need to be changed.

The better control and visibility they have of when resources are accessed, upgraded or altered, the more secure these systems will be. Prospective customers should be asking cloud providers what steps they take to ensure access management is effective, not only for their admins but yours too.

3. What can you do to help us monitor and audit cloud-based systems?
The ability to record and audit activity on cloud systems is important from two standpoints. Firstly, to ensure compliance and give an audit trail in the event of a breach, but also to give businesses the kind of visibility they need to see how effective a cloud provider is.

Identifying activity taken on a server before a problem arises, ensuring that you meet agreed SLAs and defined patching regimes or that they expect to be undertaken has been successfully completed will undoubtedly give them peace of mind, especially if they can watch these activities in real time and even take action if they need to. This is all valuable intelligence, but keep in mind the potential impact in performance especially if session recording requires agents to be installed on target systems.

They’re also likely to want to be sure that it’s possible to record on as many operating systems as they can (including devices with command line interfaces). Even taking into account these considerations, session recording capability will help to give them the visibility and therefore the confidence to invest time and resources in migrating to the cloud.



Page   1  2

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT