For the Cloud Security Alliance, a nonprofit organization that advises on best practices for providing security services in the cloud, cloud computing is not necessarily more or less secure than the current IT environment.
Like any new technology, it creates risks and opportunities. In some cases, you may need to restructure legacy applications and infrastructure to match or exceed modern safety requirements.
Recent research performed with 50 Chief Information Officers (CIOs) found that 70% of these executives were thinking that, security is the biggest inhibitor to the adoption of cloud architectures. Other barriers mentioned were lack of information about the concept (58%) and corporate culture of IT reported by 44% of respondents.
In cloud, the concern must be the same as used at home. Points to note include control, visibility, ensuring adequate access, protect data, applications and infrastructure. The organization fails to adopt the model for fear. But typically, these companies have less protection practices compared with the cloud providers.
The executive points out that there is the idea that the cloud hosting business is out of control and what is controlled is safer. But this is not true. The same care must be applied in the company transferred to the third, and require to define SLAs, which vary according to the strategy.
Planning is a key, but the truth is that many do not know where to start.
IT professionals need to intensify the battle against internal threats and leverage the technologies of identity management and access to that security is seen as the enabler of the adoption of cloud computing.
Although the company does not rely on a specific policy for the cloud, new implementations are recommended to join the sport.
Avoid Surprises When Hiring Public Cloud Computing Solutions
Survey done in December 2011 indicates that 80% of those CIOs plan to adopt some kind of cloud, with 45% to 15% private and public. Even if the public is not yet the focus of investment, those who opt for this mode should be aware when hiring and managing third-party services. To help companies in this task, the Security Guide for Critical Areas Focused on Cloud Computing and has got some recommendations.
The document was prepared by Cloud Security Alliance to advise on the best practices of service delivery in the area of security in the cloud.
1-You need to examine and evaluate the supply chain from the supplier (relationships among service providers etc). This also means checking the management of outsourced services by the provider.
2-Evaluation of outsourced service providers should concentrate on disaster recovery policy and business continuity, and processes. It should also include a review of the assessments for the supplier to fulfill requirements of policies and procedures, and evaluation of the metrics used by the supplier to provide information about the performance and effectiveness of controls.
3-The plan of disaster recovery and business continuity should include scenarios of loss of services provided by the supplier and the loss by the provider of outsourced services and capabilities dependent on others.
4-The regulation of information security governance, risk management and the structures and processes of the supplier should be widely evaluated.
5-You must request documentation about the facilities and services of the supplier that are assessed for risks and controls in audited for vulnerabilities. Also, look for a definition of the request that the vendor considers to be the success factors of information security and critical services, key performance indicators, and how these points are measured.
- How Cloud Computing Is Changing The Labor Market - March 25, 2015
- Adopting Infrastructure as a Service Can be a Good Deal - March 17, 2015
- Will Virtualize? Take These Six Points Into Consideration - March 12, 2015