6 Key Principals for creating a Secure Cloud

Securing a cloud environment requires, and offers a new approach to security: holistic Security Intelligence. Many organizations have dozens of different point products to address security concerns. For example, they may have a firewall from one vendor, identity management from another, and application scanning from a third. This creates a siloed approach to security. However, as attacks become both more complex and sophisticated, it has become a priority to look across all of these different products in order to identify and respond to threats. By reducing the number of point products in an environment and adopting a unified approach, organizations are gaining better insight into unknown threats while also managing continued security risks.

Whether deploying a traditional data center, or a cloud, organizations must protect the infrastructure and applications while monitoring and controlling access to all resources. This security must be accomplished in a way that meets industry regulatory and compliance standards. Organizations must be able to protect against both known and unknown threats across all of these elements of the computing environment.

(Read more:  5 Best Practices to secure your Big Data Implementation)


6 Key Principals for creating a Secure Cloud

  • Create a Secure Infrastructure. Creating a secure infrastructure means that the underlying systems architecture must be protected against traditional vulnerabilities such as network threats and hypervisor vulnerabilities. In addition, virtual machines must be securely isolated from each other and patches must be kept up to date.
  • Build Security into Applications Development. Developers of web and cloud based applications often lack deep expertise in security and therefore do not appreciate the vulnerabilities that exist with applications. Securing applications requires building application scanning into the development process combined with a patch management plan.
  • Establish an Automated and Unified Approach to Identity Management. With the introduction of cloud computing, more employees and external users need access to a broad range of systems and services ranging from virtual desktops to public SaaS environments. All of this activity might take place in just a few minutes. A successful identity strategy gives administrators federated identity management and gives users Single Sign On (SSO) capabilities.
  • Keep Data Secure Regardless of the Deployment Model. A successful cloud data management strategy allows an organization to know where data is located and who has accessed that data. Often this data is not static, it will change and move based on business transactions. In addition, data must remain secure whether it’s being accessed in the office or from a mobile device. All of this data must be backed up in a reliable and secure manner.

  • Ensure Compliance within a Hybrid Computing Model. Compliance and regulatory requirements are quickly evolving and organizations are struggling to stay current. Many industries require compliance with specific
    regulations related to protection of customer and corporate data.

  • Prepare for Advanced Persistent Threats (APTs). APTs are ongoing slow attacks that masquerade as ordinary activity and are typically not identified by traditional security technology. These sophisticated threats are becoming commonplace. Companies need to be able to anticipate these threats so they can be stopped before they cause significant damage.

>> Download the Complete Report

(Read more:  7 Key Lessons from the LinkedIn Breach)

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform