| ||||||||||
| ||||||||||
Current Filter: Cloud>>>>>> Key Word Search Filter within Articles: A picture of health The three-step plan to cloud security Editorial Type: Opinion Date: 09-2015 Views: 3233 Key Topics: Cloud Security IaaS Infrastructure Compliance Strategy Key Companies: Wallix Key Products: Key Industries: | |||
| Chris Pace, head of product marketing at Wallix, suggests three security questions that cloud service providers should expect to hear from any business expanding or adopting cloud services As cloud adoption accelerates with more and more businesses moving increasing amounts - and types - of data to hosted services, there’s no question that the biggest barrier to migration continues to be security. In a recent report, Forrester has estimated that firms are already spending $282m on cloud security and predicts this will rise to $2bn within five years. The root of these perceived risks are legitimate concerns about data loss, as well as the need to be able to prove compliance with increasing regulations across numerous industry verticals. Having the knowledge and technical capability to address these will help to reassure businesses, enabling them to realise benefits such as cost reduction, flexibility and scalability. These organisations are prepared to balance the savings they can make in the cloud against investing in the security needed to protect their data.
1. What do you know about our compliance requirements? You’ll need to work to convince them of your expertise not just in providing the architecture that’s required for their migration but also that you have an understanding of data protection and threat intrusion technologies. If you’re able to invest in time for maintaining systems or deploying the latest technologies you may be able to convince them that data is at greater risk on-premise than being managed by a dedicated and security-aware cloud provider.
2. What about controlling and managing access? If their intention is to use the cloud for IaaS or PaaS then their primary concern will be to control access for administration, not just for you as their cloud provider, but also for their own teams. Businesses realise that putting systems into the cloud could be their opportunity to begin to properly manage access for privileged users. You have an opportunity to reassure them of your capability to make that happen, to create an environment where only those who need access to systems get it when they need it, and where no local passwords are known or need to be changed. The better control and visibility they have of when resources are accessed, upgraded or altered, the more secure these systems will be. Prospective customers should be asking cloud providers what steps they take to ensure access management is effective, not only for their admins but yours too.
3. What can you do to help us monitor and audit cloud-based systems? Identifying activity taken on a server before a problem arises, ensuring that you meet agreed SLAs and defined patching regimes or that they expect to be undertaken has been successfully completed will undoubtedly give them peace of mind, especially if they can watch these activities in real time and even take action if they need to. This is all valuable intelligence, but keep in mind the potential impact in performance especially if session recording requires agents to be installed on target systems. They’re also likely to want to be sure that it’s possible to record on as many operating systems as they can (including devices with command line interfaces). Even taking into account these considerations, session recording capability will help to give them the visibility and therefore the confidence to invest time and resources in migrating to the cloud.
Page 1 2 | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |