Q11) Continued The first step is to understand where your data is within your organization and decide whether or not it should be moved to the cloud. You can’t protect your data if you can’t accurately describe what it looks like and where it is. Then you must classify the data that flows through your networks so that you have a real-world map of all your critical information assets. This provides the insight to build policies to protect your data. These policies are then built into the security solutions so that only the data you want moves into the cloud, and sensitive and confidential data stays protected. You should ask the same basic questions you do when dealing with internal security, such as: • Does my cloud environment allow individual user accounts for log-in so that I don’t have to share credentials with multiple people? • Does the cloud environment include management auditing to show who took what action and when? Without this type of auditing, many internal compliance requirements cannot be met. • Can I build a traditional multitiered network with firewalls and ACLs between each tier of the network? If not, am I comfortable with my database having less separation from the DMZ than I do in a traditional network structure? • Have I (or my vendor) performed network penetration testing and application vulnerability testing to ensure that my network and application are not vulnerable to common hacking attempts? • Does my cloud vendor provide network IDS? • Does access to my back-end environment require VPN connectivity, or is anyone on the Internet able to access it? Someone just beginning to look into cloud security should get involved with organizations like the CSA and the Open Data Center Alliance (ODCA). Both are excellent organizations looking at the problem from different perspectives. The CSA has a certification program called the Certificate of Cloud Security Knowledge (CCSK). While a CCSK doesn’t make you an expert on cloud security, it does help you to learn about what the CSA and the European Network and Information Security Agency (ENISA) are focusing on in cloud security. The information provided by these organizations covers a lot of the important areas that customers will need to know about when they are ready to contract with a cloud provider. Also, it is beneficial to get involved with (or consider starting) a local chapter for one of these cloud organizations and attend some of the cloud-focused tracks at security conferences. This will enable networking with other professionals who are facing many of the same challenges and strategic decisions with cloud computing. 36 Intel IT Center Vendor Round Table | Cloud Security
Cloud Security Vendor Round Table - Page 0001.html
Cloud Security Vendor Round Table - Page 0002.html
Cloud Security Vendor Round Table - Page 0003.html
Cloud Security Vendor Round Table - Page 0004.html
Cloud Security Vendor Round Table - Page 0005.html
Cloud Security Vendor Round Table - Page 0006.html
Cloud Security Vendor Round Table - Page 0007.html
Cloud Security Vendor Round Table - Page 0008.html
Cloud Security Vendor Round Table - Page 0009.html
Cloud Security Vendor Round Table - Page 0010.html
Cloud Security Vendor Round Table - Page 0011.html
Cloud Security Vendor Round Table - Page 0012.html
Cloud Security Vendor Round Table - Page 0013.html
Cloud Security Vendor Round Table - Page 0014.html
Cloud Security Vendor Round Table - Page 0015.html
Cloud Security Vendor Round Table - Page 0016.html
Cloud Security Vendor Round Table - Page 0017.html
Cloud Security Vendor Round Table - Page 0018.html
Cloud Security Vendor Round Table - Page 0019.html
Cloud Security Vendor Round Table - Page 0020.html
Cloud Security Vendor Round Table - Page 0021.html
Cloud Security Vendor Round Table - Page 0022.html
Cloud Security Vendor Round Table - Page 0023.html
Cloud Security Vendor Round Table - Page 0024.html
Cloud Security Vendor Round Table - Page 0025.html
Cloud Security Vendor Round Table - Page 0026.html
Cloud Security Vendor Round Table - Page 0027.html
Cloud Security Vendor Round Table - Page 0028.html
Cloud Security Vendor Round Table - Page 0029.html
Cloud Security Vendor Round Table - Page 0030.html
Cloud Security Vendor Round Table - Page 0031.html
Cloud Security Vendor Round Table - Page 0032.html
Cloud Security Vendor Round Table - Page 0033.html
Cloud Security Vendor Round Table - Page 0034.html
Cloud Security Vendor Round Table - Page 0035.html
Cloud Security Vendor Round Table - Page 0036.html
Cloud Security Vendor Round Table - Page 0037.html
Cloud Security Vendor Round Table - Page 0038.html
Cloud Security Vendor Round Table - Page 0039.html
Cloud Security Vendor Round Table - Page 0040.html
Cloud Security Vendor Round Table - Page 0041.html
Cloud Security Vendor Round Table - Page 0042.html
Cloud Security Vendor Round Table - Page 0043.html
Cloud Security Vendor Round Table - Page 0044.html

A javascript error just appeared or you do not have installed a Flash Player plugin in your browser.

Prestimedia, your interactive publications solution provider, invites you to download the latest Adobe Flash plugin by clicking here

This e.print interactive catalogue is made by Prestimedia