Home » Technology » Security Transformation » Cloud Security in 2017

Cloud Security in 2017

Tech Page One

5 things you need to know before implementing cloud storage (second)

Cloud security is a key priority for IT in 2017. In fact, in a survey of IT professionals from CompuCom Systems, 47 per cent of respondents said that cloud security was the most important priority for their organisation in 2017.

The global cloud security market is expected to be worth $8.9 billion by 2020, or so finds a report from Allied Market Research.

3 key considerations

But what can IT managers do to protect their security when using the cloud?

Drill down and three key considerations emerge.

First off, you need to consider what information is too sensitive to be stored on the cloud. The cloud turns IT into a variable cost, you can ramp its usage up or down as needed, but you are trusting a third party with your security.  You may feel that certain information is just too important, too sensitive to trust to the cloud, at all.

Secondly, since you are trusting your security to a third party, namely the cloud hosting company, do your due diligence and make sure that the security measures it employs are adequate.

Thirdly, just because you use the cloud, and lose control over servers, it does not mean that, as far as your own in-house security is concerned, you are impotent. There are steps you can take.

Returning to the second point above, make full use of your inbuilt security offered by your cloud provider. You may want to make use of third party tools to sit on top of or complement the services offered by your cloud provider.

Be aware of the security risks

Bear in mind that competitors may store their own data on the same server as you – introducing new security risks.   To help mitigate against this risk, confirm that your cloud provider has adequate data isolation.

Be prepared for cloud security

When moving over to the cloud, ensure that you are ready, and that staff are fully prepared.  Bear aware that security procedures in place, pre-cloud, may not be appropriate as you move over to the cloud.  Be willing to try and change habits that evolved pre-cloud.

The security tools you can apply are many and growing in number. CWPP for virtualisation security for example, or CASP for Software as a service – SaaS – governance.

Put in place a new security routine. Ensure adequate testing and scanning as a matter of procedure. Make sure all teams are up to date with the practice you have adopted – communicating policy is vital. Adequate training of all staff who will have access to data stored on the cloud is paramount.

Virtualisation

Virtualisation introduces its own unique challenges – there is for example, the theoretical risk of compromising the virtualisation software, also called hypervisor.

Also, consider various degrees of sensitivity, some information is more sensitive than other information, not everyone needs access to all information.  Take account of requirement and do not provide unnecessary access.

Other procedures that can help mitigate against security risks include:

  • Deterrent controls – warning potential attackers of adverse consequences if they proceed with their attack.
  • Preventative controls – for example strong authentication of cloud users, reducing the odds of unauthorised people accessing cloud systems. Authentication measures can include biometric identifying technology.  Ensure that only appropriate people can access sensitive information.
  • Detective controls – creating alerts if an unauthorised person has accessed the system.
  • Corrective controls – reducing the potential damage from an attack, for example by installing back-ups after the incident.

 

Dell

Dell

Dell empowers countries, communities, customers and people everywhere to use technology to realize their dreams. Customers trust us to deliver technology solutions that help them do and achieve more, whether they’re at home, work, school or anywhere in their world. Learn more about our story, purpose and people behind our customer-centric approach.

Latest Posts:

 

Tags: Security Transformation, Technology