Building a Secure Cloud Environment A secure IT strategy often emerges as a key concern

Building a Secure Cloud Environment

A secure IT strategy often emerges as a key concern

Building a Secure Cloud Environment A secure IT strategy often emerges as a key concernCloud computing is fundamentally revolutionizing how businesses deliver and operate the services and products they bring to market. The ability to leverage virtual infrastructure in a public cloud context enables compelling and strategic benefits including increased agility, improved scalability, reduced costs and capital expenses, and more efficient deployment of IT resources, all of which allow an organization to focus on growing their core business. However, security often emerges as one of the key concerns at the corporate executive (CxO) level as enterprises shape their IT strategy around cloud computing. Though it is a big issue, it is one that can be addressed effectively with the right level of planning, design and investment.

Security is fundamental to any data and application management infrastructure, and cloud computing is no different. When properly constructed, a cloud infrastructure can offer greater security than a legacy system; however, when poorly constructed, a cloud-based infrastructure introduces risk across the enterprise. If we’ve learned anything from the many high-profile data breaches in recent months, it’s that the weaknesses that were exploited more commonly reside in the corporate network than in the cloud.

Businesses of all types and sizes can benefit from the security experience and economies of scale provided by a cloud service provider. Service providers have often made extensive investments across their entire fabric to safeguard systems and data including specialized resources and expertise to implement advanced security technology and procedures. As a result, a cloud service provider is often able to offer superior and more comprehensive security in a virtualized cloud environment than the individual enterprise can achieve through a purely physical architecture.

Building a Secure Base

Over the past 15 years, NaviSite has built an extensive track record of working with businesses and organizations of all sizes to enable their compliance and security requirements. As part of its portfolio of compliant hosting services, NaviSite has developed and refined several best practices to help keep customer data safe and accessible. These best practices enable the maximization of the operational and cost advantages of managed cloud services without compromising organizational security and compliance objectives.

Review business goals: It is important that any cloud-based security plan begins with the basic understanding of specific business goals. Security is not a one-size-fits-all scenario and should include contributions from all stakeholders to ensure that policies are aligned and procedures are practical and pragmatic. The best way to do this is to develop cloud security policies in an inclusive model early on by involving various departments and groups that will be impacted. The broader the input, the more likely that the final security plan will truly support and align with the corporate goals.

  • Maintain a risk management program: Companies must assess threats and assets in order to manage and minimize risk. A well-defined and independently-staffed risk management program can provide IT leaders with an ongoing, aggregated view of risk the organization is willing to accept.
  • Create a security plan that supports business goals: A cloud computing security plan should include goals with measurable results that are consistent with the growth and stability of the company. It should include a specific date for completion, verification of achievement and measurable expected results.
  • Establish corporate-wide support: A key element of a successful cloud computing security plan is support and adoption of the plan across the organization. Prioritizing policies and ensuring that they are not in conflict with other policies from different departments is essential for establishing support and acceptance.
  • Create security policies, procedures and standards: New clients often ask, “What’s the easiest way to create security policies, procedures and standards?” The answer is simple—turn to best practices. Companies should apply best practices to create policies that align with business goals and develop procedures that are realistic and acceptable to the organization.
  • Audit and review often: It is important to review the security plan on a regular basis, report the achievement of goals, and audit the compliance of the organization to the security policies and procedures. If it is part of the overall business plan, a third-party audit can provide an impartial review of the controls and report on compliance to established programs such as SSAE 16, PCI DSS or Safe Harbor.
  • Continuously improve: Make it part of the business’ standard protocol to review all generally-accepted security policies at least annually. Companies should even consider reviewing security policies every six months so that there is time to evaluate current policies, update as needed and change procedures when necessary before the next audit.

Treat Security as a Partnership

While a cloud provider should bring deep security expertise, a business cannot simply “outsource” security to its cloud provider. IT leaders must ensure each portion of the IT system is designed specifically to guarantee maximum security once all data and applications are migrated to the cloud.

It is critical to approach the task of establishing and managing security in the cloud as a partnership between the data owner/application developer and cloud service provider at the application development stage because any gaps in security at that level can render the entire infrastructure vulnerable.

Keeping Threats at Bay

Once data and applications have been migrated onto the cloud, the cloud service provider should partner with the application developers to assume front-line responsibility. It is crucial to ensure security at the cloud infrastructure level and to ascertain that the service provider is managing the company’s data against the highest level of security.

As more and more remote devices connect to the cloud, the need for secure access becomes even more vital. Organizations that hire seasonal and part-time workers are progressively faced with the pressing need to have advanced security levels for their data. With this increased workforce mobility and concepts like bring-your-own-device (BYOD), the challenge of safeguarding data from potential hazards is becoming more insistent.

One way businesses are addressing the security challenges of BYOD is by deploying desktop-as-a-service (DaaS) solutions to manage control of corporate information through the centralization and separation of sensitive data from user devices. As a result, DaaS creates a secure and scalable environment where businesses can add, remove or modify desktops without compromising data security.

Architecting a cloud infrastructure is an opportunity for businesses to leverage technology to deliver better products and services at a lower cost. By adhering to well-established best practices, companies can effectively work with cloud providers to build security into their systems from the ground up. Following these guidelines, an organization can structure its security and compliance programs to take advantage of the benefits of managed cloud applications and services while ensuring their data and applications adhere to the highest available security standards.

This article originally appeared in the April 2014 issue of Security Today.

Featured

  • Survey Shows Election Anxiety Crosses Party Lines

    New reports of election worker intimidation are raising concerns about election interference. A majority of Americans (71%) are worried about voter intimidation or safety at the polls, and 75% want security cameras at their voting place, according to a new national survey. Read Now

  • 66 Percent of Cybersecurity Pros Say Job Stress is Growing

    Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • Live from GSX 2024: Post-Show Recap

    Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now

    • Industry Events
    • GSX
  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3