Potential cloud consumers are responsible for doing their due diligence by selecting the right cloud service provider (CSP) for their organization. It is important to educate all staff involved in the deployment on the basics of the selected CSP, architecture, services, and tools available to assist in the deployment. Additionally, they must ensure everyone understands the CSP’s security model and its impact on their role in the cloud deployment.
As far as development and deployment is concerned, moving to a cloud environment may present risks that may have not been present in the on-premises deployment of applications and systems. It is crucial to check for new risks and identify any new security controls needed to mitigate these risks. One must consider how CSP-provided control implementations can help. The CSP should provide tools to check for proper and secure usage of services.
Once developed and deployed, applications and systems must be operated securely. Cloud infrastructure should be managed in a source code control system, with version and change control policies. Changes to production resources should require approval prior to implementation by a system manager.
Another critical consideration in cloud security is that of access management. Employment of industry approved authentication typically in the form of multifactor, should reduce the likelihood of compromise. Assigning user access rights in the form of roles would ensure that no one person could adversely affect the cloud environment. Cloud consumers must also understand and be able to configure service-specific access policies. These services include content delivery or storage services in which each may have their own access policies designed to protect stored cloud data.
Outside of access control, protecting sensitive data in the cloud is another critical consideration in cloud security. By doing a due diligence and selecting the right CSP it would also reap benefits when it comes to data encryption. Flexible encryption options such as CSP-managed or self-managed including hardware-based security should be a standard offering.
Cloud security walks a fine line between data protection and data availability. Your selected CSP should provide protection against data lost with flexible data backup and recovery procedures to address your organization’s requirements. In terms of protection against disclosure of deleted or cached data, one should analyze the cloud deployment thoroughly to understand both where sensitive data may have been copied or cached and determine what should be done to ensure these copies can be securely wiped.
In terms of monitoring of the cloud-deployed resources, the CSP is typically responsible for monitoring the cloud infrastructure and services, however, it’s up to the cloud consumer to monitor their own systems and applications with the provided services. To the extent possible, use CSP-provided monitoring data as your first line of defense, but it is recommended to augment it with additional monitoring of your cloud-based resources. Researching supported third-party monitoring services and other tools which would integrate well to your cloud platform will be beneficial.
A common cloud scenario would include both a cloud and on-premise monitoring. This hybrid cloud deployment moves some resources to a CSP but retains many resources on premises, thus requiring a combination of CSP-provided monitoring information, consumer cloud-based monitoring information, and consumer on-premises monitoring information to draw a complete picture of the organization’s cloud security.
CSPs typically charge for data transfers into and out of their services. They often charge more for transfers out of the cloud than they do for transfers into the cloud. Depending on the volume of data involved, it may therefore simply be cheaper to move data from on-premises monitoring into the cloud than it is to do so vice-versa.
As with all aspects of cloud computing, managing security in the cloud should be a shared responsibility. Cloud consumers need to learn how to collaborate with the CSP to proactively respond to possible security incidents. To collaborate effectively, you need to understand what information the CSP can share, how the information will be shared, and the limits within which the CSP can provide support.
The Future of Cloud Security
A common theme across these cloud security discussion points is the need for cloud customers to develop a thorough understanding of the services to which they are committing and to use the security tools provided by the CSP. For small to mid-sized enterprise, the use of reputable and established CSPs should reduce the risk associated with migrating applications and data to the cloud.
Need help? Consult with NewIntelligence about transitioning to cloud today.
Find out more about Cognos Analytics on Cloud.