
Managing IT Security in the Cloud

7 Things to Consider, Part 1

There are many inherent benefits in leveraging the public cloud, such as infrastructure agility, scalability, cost-efficiency, and in many cases, performance. In the past couple of years we’ve seen that companies, from small to large enterprises, which have a significant footprint in the traditional data center are more willing to adopt cloud infrastructure and migrate critical workloads onto it. Even with these benefits, many of our clients and prospective clients are still hesitant to go “all-in” on public cloud due to concerns around security and visibility. All enterprises, whether a born-in-the-cloud company or a traditional enterprise, should consider 7 things when managing IT security in the cloud:

1. Align Cloud Security of Your Organization to SLAs and Business Objectives

There are many security products and solutions out there in the marketplace that can help secure data, applications, OS, and network configurations in the cloud. Instead of just chasing after the shiny objects, it is important that you vet the right ones that are truly aligned with your SLAs and business objectives. Organizations should understand and document current critical business metrics and how they will change when operations go into the cloud — and figure out how cloud security solutions could help uphold these metrics of success. Of course, effective governance, risk, and compliance processes (internal audits) should also exist before bringing on new solutions.

2. Disaster Management

A good security solution should not simply detect potential threats and block attacks. It should also have disaster management capabilities (or align with your existing DR strategy) to recover any lost data and track the origin of the attack for subsequent investigation. One of the most widely employed disaster management strategies is to keep secondary data backup centers detached from their respective primary servers, so that only the primary servers are affected in case of an attack. Companies should conduct periodic exercises for this and plan the steps that can be taken to ensure business continuity in the event of a significant breach.

3. Risk Management

Similar to securing a traditional data center (on-premise), in a cloud-based setting you also need to fully grasp all the major risks your company data face by conducting a comprehensive threat assessment. What type of data do you handle, process, and store? Which is the most sensitive part of your data, which if leaked, would result in negative publicity and impact on the bottom-line? It’s important to keep in mind that certifications and accreditations (PCI, HIPAA, ISO, SOC, etc.) for cloud providers don’t mean that you’re assured compliance—it’s ultimately your responsibility to encrypt and secure your own data. Encryption keys should also be protected in a robust manner.

In my next blog, we will look at the final 4 areas to consider with IT Security in the Cloud. Stay Tuned!

Benny Du

CMI – Your Adaptable Data Center Company

1 reply
  1. Ulf Mattsson says:
    November 24, 2015 at 9:03 am

    I agree that “Similar to securing a traditional data center (on-premise), in a cloud-based setting you also need to fully grasp all the major risks your company data face.” A new study, related to security for the mix of environments, by the SANS Institute reported that “fewer than a third of organizations have a strategy in place to tailor security requirements to the mix of environments they use,” and “fewer than a third of organizations have a strategy in place to tailor security requirements to the mix of environments they use.”

    The study reported that “75 percent of organizations utilize identity and access management tools on premises, only 31 percent use it in the cloud,” and “63 percent of organizations use a SIEM to track security events across traditional data center assets, just 25 percent do the same with cloud assets.”

    I agree that “It’s important to keep in mind that certifications and accreditations (PCI, HIPAA, ISO, SOC, etc.) for cloud providers don’t mean that you’re assured compliance—it’s ultimately your responsibility to encrypt and secure your own data. Encryption keys should also be protected in a robust manner.”

    Recent guidance from Gartner is recommending to “understand when data appears in clear text, where keys are made available and stored, and who has access to the keys,” and recommending to “apply encryption or tokenization.”

    Amazon published “Introduction to AWS Security by Design” in October 2015 and recommends to “Encrypt your data or objects when they’re stored in the cloud, either by encrypting automatically on the cloud side, or on the client side before you upload it.” A recent Gartner report concluded that “Cloud Data Protection Gateways” provides a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files.”

    Ulf Mattsson, CTO Protegrity
