Q11: I’m just beginning to investigate cloud security. What advice can you give me, and what steps should I take to make sure I’m covering all my bases? Starting out, we would suggest that you look for transparency from your cloud vendor. If they have a SAS 70 standard for their platform, insist on being able to review the controls they have adopted. Also look for their involvement in industry groups such as the CSA and standards such as cloud audit. Industry benchmarks are key to educated buying decisions. Organizations that are starting their cloud journey will need to identify how their cloud strategy helps them achieve their overall business objectives. As an integral part of the cloud strategy, they will need to ensure that their cloud security governance process can provide policies, procedures, and standards for a smooth and secure transition to the new business computing model. They need to map out their cloud security architecture and implement cloud security solutions accordingly. If they engage cloud service providers, they should also insist on a strong service level agreement (SLA) that specifies requirements for data confidentiality, integrity, and availability. In addition, they should also discuss their rights to audit. Read the fine print. Test everything (especially failure conditions). And plan for a loss of connectivity to the cloud and ensure that your business is still operational. With the right architecture and business resumption planning, even the occasional glitch won’t result in damaging downtime and loss. Don’t shy away from asking the more difficult questions regarding architectures and data controls. Don’t take a SAS 70 or SSAE 16 as the end-all document guaranteeing security. Do treat cloud-based services like you would any other outsourced or hosted platform. Do inspect what you expect of your providers—how providers operate and their control and testing processes. Do thoroughly review all SLAs and ask for security elements to be included in those SLA terms. Make a physical site visit so that you can see that what is represented on paper is followed in real-world operations. At its core, the cloud is enabled by a combination of technologies and solutions from a variety of vendors, but virtualization is perhaps the most critical element. Thankfully, a number of organizations—NIST, SANS Institute, PCI-DSS, CIS, and more—have published guidelines for securely migrating workloads onto virtual infrastructure. These same guidelines should be referenced before migrating into the cloud because the methods for securing virtual infrastructure are perfectly applicable. 35 Intel IT Center Vendor Round Table | Cloud Security
Cloud Security Vendor Round Table - Page 0001.html
Cloud Security Vendor Round Table - Page 0002.html
Cloud Security Vendor Round Table - Page 0003.html
Cloud Security Vendor Round Table - Page 0004.html
Cloud Security Vendor Round Table - Page 0005.html
Cloud Security Vendor Round Table - Page 0006.html
Cloud Security Vendor Round Table - Page 0007.html
Cloud Security Vendor Round Table - Page 0008.html
Cloud Security Vendor Round Table - Page 0009.html
Cloud Security Vendor Round Table - Page 0010.html
Cloud Security Vendor Round Table - Page 0011.html
Cloud Security Vendor Round Table - Page 0012.html
Cloud Security Vendor Round Table - Page 0013.html
Cloud Security Vendor Round Table - Page 0014.html
Cloud Security Vendor Round Table - Page 0015.html
Cloud Security Vendor Round Table - Page 0016.html
Cloud Security Vendor Round Table - Page 0017.html
Cloud Security Vendor Round Table - Page 0018.html
Cloud Security Vendor Round Table - Page 0019.html
Cloud Security Vendor Round Table - Page 0020.html
Cloud Security Vendor Round Table - Page 0021.html
Cloud Security Vendor Round Table - Page 0022.html
Cloud Security Vendor Round Table - Page 0023.html
Cloud Security Vendor Round Table - Page 0024.html
Cloud Security Vendor Round Table - Page 0025.html
Cloud Security Vendor Round Table - Page 0026.html
Cloud Security Vendor Round Table - Page 0027.html
Cloud Security Vendor Round Table - Page 0028.html
Cloud Security Vendor Round Table - Page 0029.html
Cloud Security Vendor Round Table - Page 0030.html
Cloud Security Vendor Round Table - Page 0031.html
Cloud Security Vendor Round Table - Page 0032.html
Cloud Security Vendor Round Table - Page 0033.html
Cloud Security Vendor Round Table - Page 0034.html
Cloud Security Vendor Round Table - Page 0035.html
Cloud Security Vendor Round Table - Page 0036.html
Cloud Security Vendor Round Table - Page 0037.html
Cloud Security Vendor Round Table - Page 0038.html
Cloud Security Vendor Round Table - Page 0039.html
Cloud Security Vendor Round Table - Page 0040.html
Cloud Security Vendor Round Table - Page 0041.html
Cloud Security Vendor Round Table - Page 0042.html
Cloud Security Vendor Round Table - Page 0043.html
Cloud Security Vendor Round Table - Page 0044.html

A javascript error just appeared or you do not have installed a Flash Player plugin in your browser.

Prestimedia, your interactive publications solution provider, invites you to download the latest Adobe Flash plugin by clicking here

This e.print interactive catalogue is made by Prestimedia