Top steps during the implementation of a Cloud Security project

As security is an important aspect of any project it is necessary to align security plan with business goals. There are a perspective series of steps that may be taken to secure the cloud environment. Foremost it’s a pre requisite that effective governance, risk and compliance processes should be in place. People, role and identity management is also required to be ensured such that cloud environment is controlled and managed.  Then there should be audits for operational and business processes to assess effectiveness in enforcing the corporate, industry or government requirements and policies. Moreover, proper privacy policies should be enforced and the audit program should cover all aspects of the privacy policies. In addition to, security controls are required on physical infrastructure and facilities with a central management system. Further Cloud SLAs should include security terms and the security requirements should also be considered in the exit processes.

( Read more:  APT Secrets that Vendors Don't Tell )

Top implementation mistakes or learning while implementing projects related to the above domain?

Choosing the right cloud flavor and avoiding cutting common security corners are keys to successful cloud rollouts. There are various aspects that should be kept in mind while going for cloud implementations. A lot of what’s appealing about cloud computing is the convenience of it; but then at what point does making your data solution convenient for its users start to put the security at risk? So don’t ignore security for convenience. Another mistake that people do is failing to see the underlying meaning in the big picture. If you’re securing a cloud data system, you can’t just look at everything as a whole- you need to dig deep, look close, and comb your way through the system’s security in order to ensure that there’s no possible way anyone could easily break in. Also, implement everything before you get things up and running. Implementing governance and security later is just asking for trouble. It should not be assumed that users know what they are doing. Users should be educated about various aspects of cloud security and they should be responsible with what they do, but they shouldn’t have to manage the system. The cloud transition should be planned precisely; enterprises should know what they are getting into and how to execute it to get there. Also there should be a response plan in place so that there is a fair idea as to how the business will respond in case there is a security threat.

( Watch more : How MIT website got hacked despite having any vulnerability ?)

Top challenges faced during such implementation

Cloud opens up a new world of opportunities for businesses, but mixed in with these opportunities are numerous security challenges that need to be considered and addressed prior to committing to a cloud computing strategy.  Cloud computing security challenges are broadly related to the domains of Data Protection, User authentication and Disaster and Data Breach. First and foremost, there is a challenge in securing your data both at rest and in transit. Another challenge is to limit access to data and monitor who accesses the data. As with all cloud computing security challenges, it's the responsibility of the customer to ensure that the cloud provider has taken all necessary security measures to protect the customer's data and the access to that data. Eventually, it’s a no brainer that the cloud will serve as a single centralized repository for a company's mission-critical data; so the risks of having that data compromised due to a data breach or temporarily made unavailable due to a natural disaster are real concerns.  So, the contingency planning is also a challenge in which the company has to consider various scenarios. For instance, can the data be easily retrieved and migrated to a new service provider or to a non-cloud strategy if this happens?  And what happens to the data and the ability to access that data if the provider gets acquired by another company? While there are real benefits to using cloud computing, including some key security advantages, there are just as many if not more security challenges that prevent customers from committing to a cloud computing strategy.

- By Dinesh Kumar Chawla, CISO, Telecommunications Consultants India Ltd.

More:  Join the community of 1400+ Chief Information Security Officers.  Click here

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform