Cloud Security: Myths Busted - What Chief Security Officers Need To Know

I found a very good White Paper on Cloud Security entitled Cloud Security Myths and Strategies Uncovered. I think the best way to start off is with the opening quote from the White Paper itself:

“In today’s evolving information economy, cloud computing offers immense opportunity. Whether companies have started their cloud journey or not, security concerns remain the largest inhibitor to adoption. Concerns around control, data privacy, and security abound. However, the technology and expertise required to build a trusted cloud is closer than imagined. Progressive CSOs are embracing a new strategic role as a true business enabler in partnership with business leaders, to make sure that the trusted cloud becomes a reality and enterprises can capitalize on cloud technology.”

Security concerns still abound with Cloud Computing, and a fair number of adopters still opt for a private cloud environment. However, there is a trend towards a more hybrid approach, allowing enterprises to take advantage of the cost savings a public cloud provides. A majority of IT professionals surveyed indicated that their top priority was managing access to the data in the cloud. The White Paper suggests that “Virtualization” provides better visibility than the older legacy systems.

The White Paper then lists the three major Myths about Cloud Computing and provides the answer that debunks each one:

1. The Cloud simply cannot be secure – YES IT CAN.

2. Cloud Security is a new challenge – NO IT’S NOT.

3. Compliance equals security – not necessarily … it is only an “as of” date.

The authors state that a successful and secure Cloud is one that has “Trust” as its foundation. The Trust Equation is as follows:

Control + Visibility = Trust

Control

· Availability: Ensure access to resources and recovery following interruption or failure.

· Integrity: Guarantee only authorized persons can use specific information and applications.

· Confidentiality/privacy: Protect how information and personal data is obtained and used.

Visibility

· Compliance: Meet specific legal requirements and industry standards and rules.

· Governance: Establish usage rights and enforce policies, procedures, and controls.

· Risk management: Manage threats to business interruption or derived exposures.

The White Paper goes on to say that the key to obtaining the visibility needed to control the Cloud is Virtualization. “Virtualization consolidates multiple physical components into a logical view so they can be administered from one place. This alleviates the complexity of managing and monitoring multiple moving parts across internal and external infrastructure.”

For building a trusted cloud, the White Paper’s “Checklist for Your Trusted Cloud” is as follows:

· Use virtualization as your foundation.

· Build control and visibility into your security framework.

· Extend your security perimeter to include applications and endpoints.

· Adopt the three-layer controls framework: controls enforcement, controls management, and security management.

· Select a cloud vendor with offerings that can meet enterprise-class cloud security requirements across private and public clouds.

· Ensure services are secured to a common standard, in a transparent and auditable fashion.

· Tap prescriptive guidance from industry coalitions such as the Cloud Security Alliance (www.cloudsecurityalliance.org).

A Comprehensive SaaS Security Solution by McAfee

Alex Goldman reports for Internetnews.com on McAfee’s recent announcement of its latest SaaS security software, Total Protection Service 5.0, in his article McAfee Embraces SaaS Security. McAfee’s senior vice president and general manager for SaaS, Marc Olesen, is quoted:

“The SaaS security market is growing a little over 30 percent per year, three or four times faster than the on premises security software market”.

McAfee feels that its competitive advantage for Total Protection Service 5.0 is the solution’s comprehensive feature set, covering DLP, compliance, vulnerability scanning, e-mail, network protection, and endpoint protection. Its competitors in this marketplace are Symantec and Trend Micro. Although SMBs will find the product’s “Security Center” straightforward and easy to use, this solution is not meant for the SMB market alone. McAfee plans to market this solution to large enterprise customers as well. One interesting feature of this new product is that vulnerability testing can be performed from outside the network at POPs (public points of presence) at ISPs. This is something that cannot be done with on-premise software. The product will use user-based pricing, subject to the number of modules employed, with quantity discounting available. McAfee envisions that some enterprises may choose a mix of the protections its product provides alongside any competencies the enterprise may build on its own.