7 Common Sense Tips For A Secure Cloud
Lock It Down
One of the most frequently cited concerns around cloud computing is security. Users and enterprises won't just trust their data is secure. They want to know where it is and ensure that they can access it when they want from wherever they want. There are still plenty of unknowns when it comes to the cloud. At the Gartner Security and Risk Management Summit 2010, Verizon offered up a handful of tips that both solution providers and enterprises can follow to ensure the cloud computing environments they deploy and use are locked up tight.
"Cloud computing offers businesses so many tangible benefits that it's a shame to see security fears inhibiting adoption of the technology," said Peter Tippett, vice president of technology and innovation at Verizon Business. "While the security concerns are valid, the prescription to alleviate them exists. Simple security actions, such as performing due diligence and embracing risk management, have an enormous impact when done consistently."
Here are some common sense tips to secure the cloud.
Evaluate Your Goals
Before deciding to make the leap into the cloud and move IT services there, companies should have a clear idea of what benefits they're looking for. Solution providers can help guide their customers there and hash out these benefits, which can include reducing the time and effort to launch new applications; enabling IT to be more responsive to the needs of the business; and lowering capital expenditures and saving on maintenance costs.
Determine The Risk
Once the goals are defined, a risk-benefit analysis should be performed to determine if a move into the cloud is appropriate. This is another area where solution providers can step up and guide their customers. Prospective cloud users should consider the possible scenarios around what would happen if data is compromised and determine what business processes would be jeopardized should the cloud service fail or suffer an outage.
Perform Due Diligence
Once its determined that the cloud is the way to go, it's time to take the time to figure out which type of cloud deployment model fits best and is best aligned with business requirements: Public, private or hybrid?
Choose Carefully
When looking for vendors, providers and other cloud solutions, it's important to look at the history of the company while also looking toward that company's future to ensure that it will still be around in the near future. It's also important to verify that the vendor and provider offers risk mitigation as part of its security practice. Providers should also be able to integrate IT, security and network services and provide SLAs or a high level of service-performance assurances.
How Is Data Protected?
One of the largest security concerns and threats when dealing with cloud computing is data loss and leakage. To ensure that data loss won't happen, companies must determine how their cloud provider protects data. Verizon recommends that when a customer or partner evaluates a provider they scrutinize that company's ability to deliver the same types of controls that would be available in-house. For example, physical security, logical security, encryption, change management, business continuity and disaster recovery capabilities are a must. Users must also verify that their cloud provider uses save data handling practices with documented backup, availability and destruction procedures.
Is Hybrid The Way To Go?
Verizon said companies may want to look into a hybrid security model and incorporate a mix of services delivered in-the-cloud and on-premise. "This can help allay data security and privacy concerns as well as leverage legacy investments," Verizon said.
Compliance Is Key
Make sure compliance initiatives are met, Verizon cautioned. "Investing in the cloud and focusing on security can all be for naught if compliance initiatives are not met," the company said. It's up to solution providers and customers to ensure that best practices around compliance are followed and that the relevant regulations are communicated.