Cloud Computing: Cloud Computing Security: 10 Ways to Enforce It
Identify the Foundational Controls
Foundational controls are core to an organization's security philosophy. They represent maybe 60 security controls (or less), which protect the assets your organization values most. Focusing on them will ensure that as your business embraces cloud technologies, your approach is consistent with the security controls.
Chances are that your organization already has adopted some form of cloud IT. It could be in the form of an internal private cloud, a hosted email package or miscellaneous outside services (such as Salesforce.com). The cloud is here to stay, and the fear and uncertainty associated with any new technology is distracting organizations from securely adopting this IT resource. It's not hard to imagine how a newer technology could introduce more security woes; after all, we are constantly seeing news about the latest breaches across the media. However, if we look closely at recent events, the attacks and breaches which build such fear in our minds are often the result of a lack of focus on security fundamentals, not necessarily sophisticated attacks. This is not to say that such attacks can't occur, but the reality is that attackers often focus on the easiest attack route and not the hardest to implement. A criminal will almost always enter a house when no one is home and the door is left open before breaking into a home with the door locked and lights on. When moving IT to the cloud, organizations need to consider basic security practices analogous to locking the door on their homes. In this slide show is a common-sense set of 10 tips for this purpose, provided by Harold Moss, CTO of Cloud Security Strategy at IBM.