Protect your hybrid cloud environments with cloud security services.
A promise of significant, secured, economic & efficiency benefits cloud computing moves us away from the traditional model, where organizations dedicate computing power to a particular business application, to a flexible model for computing where users access business applications and data in shared environments. Cloud is a new consumption and delivery model; resources can be rapidly deployed and easily scaled (up and down), with processes, applications and services provisioned ‘on demand’. In these models the risk profile for data and security changes and is an essential factor in deciding which cloud computing models are appropriate for an organization.
♦ We have control
♦ It’s located at X
♦ It’s stored in servers Y, Z
♦ We have backups in place
♦ Our admins control access
♦ Our uptime is sufficient
♦ The auditors are happy
♦ Our security team is engaged
♦ Who has control?
♦ Where is it located?
♦ Where is it stored?
♦ Who backs it up?
♦ Who has access?
♦ How resilient is it?
♦ How do auditors observe?
♦ How does our security team engage?
|JURISDICTION, REGULATORY REQUIREMENTS||DATA LOCATION, SEGREGATION||PROTECTION||SOFTWARE VULNERABILITIES||OPERATIONAL OVERSIGHT|
|COMPLYING WITH EXPORT/IMPORT CONTROLS||DATA FOOTPRINTS||HYPERVISOR VULNERABILITIES||PATCH MANAGEMENT||AUDIT AND ASSURANCE|
|INFRASTRUCTURE COMPLIANCE||BACKUP AND RECOVERY||MULTI-TENANT ENVIRONMENTS||APPLICATION DEVICES||INVESTIGATING AN INCIDENT|
|AUDIT AND REPORTING||ADMINISTRATION||SECURITY POLICIES & IDENTITY MANAGEMENT||EXPERIENCE OF NEW CLOUD PROVIDERS|
intiGrow Cloud Readiness
Many of the risks identified can be managed through the application of appropriate security and governance measures. Which risks you choose to address will be different depending on your business, your appetite for risk and how costly these measures are. In many cases the complexity of securing cloud comes not just from the individual application but how it integrates into the rest of the organization.
♦ Define a cloud strategy with security in mind:
♦ Identify the different workloads and how they need to interact. Which models are appropriate based on their security and trust requirements and the systems they need to interface to?
♦ Identify the security measures needed:
♦ Using a framework that allows teams to capture the measures that are needed in areas such as governance, architecture, applications and assurance.
♦ Enabling security for the cloud:
♦ The upfront set of assurance measures you will want to take. Assessing that the applications, infrastructure and other elements meet your security requirements, as well as operational security measures.