1 / 2

Cloud Security – No Big Deal with These Questions in Mind

More businesses have started to put their information online and so cloud has reached tipping point today. Initially, executives used to be hesitant about going on-demand but now they have begun to believe in the cloud strength.

RobertWillson
Download Presentation

Cloud Security – No Big Deal with These Questions in Mind

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cloud Security – No Big Deal with These Questions in Mind www.bodhost.com/blog/cloud-security-2016/ More businesses have started to put their information online and so cloud has reached tipping point today. Initially, executives used to be hesitant about going on-demand but now they have begun to believe in the cloud strength. As per the Cloud Security Alliance, around 64.9% of the IT leaders think the cloud is more secure in comparison to traditional on-premise software. The main cloud providers play a significant role in boosting confidence which helps to uplift IT and business leaders that mission critical data is safe and secure online. What do you think will 2016 be the year when people will accept public cloud without security being the reason to avoid it? Cloud security with a complete version of trust fall is needed by all. There’s a team-building exercise which you might have taken part in wherein you fall backward into the coworkers arm while trusting that they will catch you prior your khakis-clad behind hits the ground. You easily take the risk since your colleagues have given you several reasons to trust them – they have built a solid reputation, they stand up when you need help in your work and they have your back when things go wrong. There are some security measures that are offsite and out of your control and for you to trust those, you need to replicate these trust cues with your cloud provider. Let’s see how? Here are three questions to start with – Can the cloud vendor replicate my security requirements accurately? Ben Nelson, Oracle’s vice president, cloud security, says that generally companies are all very used to having incredibly severe and granular security controls. Further, Ben says that as most of the security controls are implemented on the site and under the direction of enterprise IT, companies can impose very specific requirements. 1/2

  2. Find the vendors that make the security protocol clear and are willing to work with you for identifying and maintaining transparency in what they do and what you need. Otherwise, at the end, it might lead to miscommunication. Thousands of cloud vendors have their tie-ups with the big cloud vendors who have different security requirements and over time have altered the best of those into the solution according to Nelson. Additionally, you need to check the infrastructure security that concentrates on your data protection along with network security. A layered approach is required for modern information security that integrates the technology of security throughout the stack from the silicon foundation over to the application layer. Is there clarity in the vendor’s definition of shared responsibilities? The responsibility for some technical and procedural areas of security will depend on the implementation. For instance, security in the network virtualization and physical infrastructure for infrastructure-as-a-service (IaaS) is the responsibility of vendors while customers can handle the security for the applications, data, operating system and service configuration. But you need to ensure the clear definition of division of labor. Cloud Security Alliance and similar groups offer the templates for platform-, infrastructure- and software-as-a-service models that help you to get started. Are the cloud vendors policies and processes really transparent? To what extent? Vendors need to be quick in producing written descriptions that clearly outline hosting and delivery policies as well as they need to provide Service Organization Control (SOC) reports that cover security and privacy. Another key component in the verification certification is the third party validation. When the vendors take the help of outside companies for regular audits and reviews of security controls particularly for HIPAA and PCI, it’s a good sign. It’s essential that external auditors should also do security assessments and technical security testing of vendor services and these results need to be displayed to the prospective clients readily. So, keep your answers ready for all these questions to make it easy to choose a cloud vendor and built a trust with them. 2/2

More Related