Cloud Computing: Cloud Computing Security: 10 Ways to Enforce It

 
 
By Chris Preimesberger  |  Posted 2011-07-06
 
 
 

Identify the Foundational Controls

Foundational controls are core to an organization's security philosophy. They represent maybe 60 security controls (or less), which protect the assets your organization values most. Focusing on them will ensure that as your business embraces cloud technologies, your approach is consistent with the security controls.

Identify the Foundational Controls

Focus on the Workload

Security in the cloud—and an organization's confidence—directly correlate to workload. Each workload has unique considerations, such as regulatory factors and user dependencies. By focusing on the workload and not solely the cloud IT, you can implement a focused security program with the potential to offer more security than traditional implementations.

Focus on the Workload

Build Consensus Early

All too often, cloud technology is adopted without buy-in from all parties. As a result, important security details may be omitted, which can lead to integration and usability challenges. Successful cloud security implementations require key stakeholders to be aware of and agree upon benefits and challenges.

Build Consensus Early

Implement a Risk Mitigation Plan

Cloud adoption often involves a number of parties, both internal and external. Organizations should adopt a documented risk mitigation plan to allow administrators and staff to rapidly deal with issues in the cloud. This plan should include not only documentation of risk, and responses to those risks, but also education and training.

Implement a Risk Mitigation Plan

Dont Forget Image Management

Many clouds leverage virtualization capabilities. Organizations should implement a storage image management process, which ensures that only appropriate images are actively available. Its also important that all deployed images are correctly identified and managed to prevent image sprawl.

Dont Forget Image Management

Conduct a Security Evaluation

Clouds are complex. Prior to migrating to cloud technologies, organizations should first evaluate applications and infrastructure for vulnerabilities and ensure that all security controls are in place and operating properly. Ethical hacking is a secondary activity which organizations should use to check their cloud applications for common vulnerabilities.

Conduct a Security Evaluation

Take Advantage of Security Services

New security services have entered the market that allow organizations to achieve best-of-breed security without the usual overhead. Areas such as intrusion prevention, access and identity management, and security event log management present opportunities for organizations to achieve security goals without putting a strain on existing resources.

Take Advantage of Security Services

Develop a Resiliency Program

As organizations adopt cloud-based technologies, they should also look at their resiliency needs. No technology is perfect and the same goes for the cloud. Make sure that workloads, which are critical to the business, can be rapidly restored in the event of a catastrophe or attack. Be careful to ensure that workloads can be readily restored with minimal impact on business continuity.

Develop a Resiliency Program

Actively Monitor Performance

Failing to properly monitor cloud implementations can result in performance, satisfaction and security issues. Implement an active monitoring program that identifies any threats to the success of the cloud implementation.

Actively Monitor Performance

Follow a Cloud Lifecycle Model

Security in general is not a point-in-time statement, but more of an ongoing effort to keep the bad guys out while letting the good guys work. Organizations must be diligent in managing cloud technologies and in regularly reviewing security.

Follow a Cloud Lifecycle Model

Rocket Fuel