Top Ten Security Considerations for the Cloud PDF Print E-mail
Security - Compliance / Privacy
Written by Carol Woodbury   
Monday, 10 June 2013 00:00

Support MC Press - Visit Our Sponsors

Forums Sponsor

POPULAR FORUMS

Forums

Search Sponsor

Search

Whether you're using a cloud-based application or moving your whole infrastructure to the cloud, you should consider how this move affects your organization's security and compliance requirements.

 

Editor's Note: This article introduces the webcast "Top Ten Security Considerations for the Cloud" available free to view at the MC Webcast Center.

 

Many organizations are moving parts or all of their applications to the cloud. When data is moved to the cloud, who's responsible to ensure all of the security requirements continue to be met? Is the cloud a less secure environment or more secure? Can all of your organization's regulatory and compliance requirements still be met if the data is moved to the cloud? These are the types of questions you'll want to ask prior to moving your applications to the cloud.

 

The key to a successful move to the cloud is planning and getting the right contract in place with the cloud service provider. Make sure all expectations are defined and agreed to prior to moving your data to the cloud. One key element is to determine whether your organization's security policy, regulatory requirements, and compliance requirements can be met. To determine this, list the type of data that's moving to the cloudfor example, credit card data, healthcare information, other PII (Personally Identifiable Information), company confidential information, or general information. Based on this analysis, determine the requirements that must be applied from your organization's security policyfor example, audit logs must be 1) generated and 2) retained for a minimum of one year. Then determine if there are any regulatory requirements, such as those that apply to healthcare information or credit card data (just because credit card processing is moved to the cloud, it does not automatically eliminate your organization from all PCI DSS requirements.) Finally, consider any legal requirements for this data. For example, the EU has strict requirements about where data can be locatedas in the physical location of the data. Depending on your cloud provider, you may be in violation of this law if the cloud provider has data centers in certain countries.

 

Part of your investigation of the cloud provider is also understanding how they manage their systems from a security administration perspective. You may have a requirement that all administrative access to servers be over an encrypted session and that their activities be logged. Is this how the cloud provider operates?

 

Another security administration consideration is user account management and access. Will the cloud provider be able to create user accounts on a timely basis? More importantly, will the user access be cut off quickly enough to meet your requirements if an employee is released from the company?

 

When moving data to the cloud, people assume that the data is less secure. In some cases this is true; however, because they know they're going to be a target, most cloud providers have security experts as well as specialized equipment to detect and fend off attacks. Prior to moving data to the cloud, ask the provider what they have in place to defend against attacks.

 

Many types of cloud providers exist today. The key to using them to your business advantage is to choose the right typepublic, private, specialized (such as those providing a specific application or specializing in managing specific types of data (such as healthcare information)), determining your data security requirements and getting a contract in place with the cloud provider that meets those requirements.

 

Listen to the webcast as Carol Woodbury discusses these issues and more.

 


Carol Woodbury
About the Author:

Carol Woodbury is co-founder of SkyView Partners, Inc., a firm specializing in security compliance and assessment software, services, and solutions, as well as security services. Carol has specialized in security architecture, design, and consulting since 1990. Carol speaks around the world on a variety of security topics and just released her latest book, IBM i Security Administration and Compliance

 

 

  

MC Press books written by Carol Woodbury available now on the MC Press Bookstore.

 

IBM i Security Administration and Compliance IBM i Security Administration and Compliance

The Essential Guide to Securing Your System

List Price $69.95
Now On Sale
 
Read More >>
Last Updated on Thursday, 06 June 2013 15:08
 
User Rating: / 0
PoorBest 
   MC-STORE.COM