Best Practice Cloud Security: Is Your Cloud Secure Inside and Out?

Learn to use the Cloud security principles to reassure your customers.

Last year, the UK government’s Cabinet Office outlined what constitutes ‘Cloud security principles’ in a guidance document published on 14th August 2014. These principles involve the protection of data in transit, asset protection such as customer data, a need to create some level of separation between customers in order to ensure that a compromised customer account won’t affect the service or the data of another customer, the need to develop a governance framework, and the screening of Managed Service Provider (MSP) or Cloud Service Provider (CSP) staff, to name a few areas.

Cloud security is such a burning issue because data is the gold and the oil of any modern organisation. Enterprises large and small need to think about how they can prevent hackers from compromising their Cloud services. Yet not all attacks occur from outside of an organisation. Sometimes they start from within an organisation or from within a service provider. But so long as a security audit is undertaken and Cloud security principles are put in place, a Cloud environment can be as secure and in many cases even more secure than your internal IT.

READ

Are Flexible Work Policies Coming to IT?

Cloud security compliance

There is no need for organisations to develop their own Cloud security principles from scratch as there are well documented best practices, such as the Cabinet Office’s guidance document. However, the level at which Cloud security needs to be applied varies according to the legal obligations and regulatory frameworks that apply to different vertical industries. The financial services sector is one vertical that has to apply stringent Cloud security frameworks in order to protect their customers’ personal and financial data. For this reason they often opt for a private or hybrid Cloud model.

The key standard that most industrial sectors have to comply with is known as ISO 27001 (ISO/IEC 27001:2013): “Using this family of standards will help your organisation manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties”, says the International Standards Organisation’s website. There is also ISO/IEC 27002 (ISO/IEC 27018:2014) to consider.

Some of the standards aren’t restricted to Cloud security principles. The interconnectedness of Cloud computing means that they often concern an organisation’s entire IT system. So, yes, it’s vital to find a Managed Service Provider or a Cloud Service Provider that has all of the right cloud credentials, but the weakest link could be your own internal IT. It needs to meet the very same standards that MSPs and CSPs have to comply with.

READ

4 Easy Steps How to Conduct IT Security Audit of Your Own Company

Following best practice

As well as the International Standards Organisation (ISO) there are a number of entities that are working to help enterprises to develop and implement Cloud security best practices. For example, there is the Cloud Security Alliance (CSA) which publishes a top Cloud security threats report. National and international organisations like the CSA, and specific sector-related industry bodies, can help you to keep informed about the latest legal requirements and industry regulations. This will enable you to know what constitutes best practice, and how it should be applied.

Standard operating system

The starting point is a Standard Operating Environment (SOE). Organisations with a SOE have a repeatable process for implementing secure and optimised Linux system builds across their entire IT estate, whether in-house, physical, virtual, hybrid or Cloud.

An SOE needs a good management platform (SOEMP) to enforce good practice. Using SOEMP technologies such as Red Hat’s Satellite Server and Puppet, system administrators have the power to actively manage the SOE and ensure its security.

READ

Big Data: A Hidden Blessing or Increased Vulnerability for the Security of IT Systems?

For many organisations the answer is to use a Managed Services Provider that follows Cloud security principles provided by ISO/IEC 27001:2013. A service provider will have access to the best management tools and will have staff very familiar with deploying them consistently and thoroughly. Most crucially, such a provider is removed from the everyday commercial pressures and career worries within the enterprise that sometimes conflict with best security practice.

Takeaways:

Ensure you’re using a Managed Services Provider.
Check that you are following guidance provided by ISO/IEC 27001:2013 and other relevant standards and regulations to your industry.
To keep data safe, you need the best management tools.
Read the Cabinet Office’s document on cloud security principles as a blueprint for ensuring your cloud systems and Cloud services remain secure.
Work with an MSP or a CSP to ensure that your own internal systems aren’t the weakest link in the Cloud security chain.

You must log in to post a comment.

Data Mining Can Be a Game Changer for Small Businesses

Modern Mac Malware Is Worse Than Your Wildest Dreams

Education and the Blockchain – Should We be Teaching Blockchain in Schools?

Big Data is Bridging eCommerce and Fulfillment for Young Entrepreneurs

3 Ways that Big Data is Transforming the eCommerce Sector

How the Internet of Things is Changing Big Data Analytics

Can Business Intelligence Answer the Questions Asked of it Without Big Data?

6 Ways Big Data Analytics Is Changing the E-Commerce Industry

Can Smart Data Ensure Cybersecurity and Data Protection?

How to Overcome Data Visualisation Problems

Current Landscape and Applications of Blockchain Explained

How Big Data Is Driving Airline Loyalty Programs

The Enterprise Graph – From Connections To Customer Insights

Can Smart Data Ensure Cybersecurity and Data Protection?

5 Ways Big Data Is Transforming Finance

Big Data is Cutting Spreads and Making Forex Trading More Cost-Effective

Why Every College Student Should Study Predictive Analytics

Dark Data: The hidden billion dollar opportunity

Quality vs Quantity in Customer Service Analytics

4 Customer Retention Metrics for Data-Driven Ecommerce

Emotions: The Next (but not new) Frontier in Artificial Intelligence & Cognitive Computing

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How big data is affecting social media metrics and Facebook ad strategies

Report: Brands Use Advanced Analytics to Reach Double Digit Growth

Dark Data: The hidden billion dollar opportunity

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

How to Be a Text Analytics Rock Star in your Organization

Text Analytics: It’s Not Just for BIG Data

The Smart Data Lake Imperative

Data-Driven Facts for Better Blogging

How to Make Site Search a Conversion Tool

Get The Best Out Of Your Marketing Strategy By Integrating Analytics

The Types of Simple Queries Businesses Need to Ask that Spark Growth

How Did Big Data Create a Modern Day Manufacturing Workforce?

The 7 Biggest Data Trends to Watch in Finance for 2017

Taking Data Visibility to the Office Walls

What Led to the Recent Huge Buzz Around Analytics?

Data Mining Can Be a Game Changer for Small Businesses

How the Internet of Things is Changing Big Data Analytics

Could the Julia Language Fill an Untapped Void for Big Data Programmers?

Big Data is Streamlining International Trade Faster than We Expected

Data Mining Can Be a Game Changer for Small Businesses

Overcoming the Challenges of Big Data Clustering

5 Challenges Your Company Has to Overcome to Succeed in Data Mining

The Data Is In: Finding Affordable Car Loans

Can Smart Data Ensure Cybersecurity and Data Protection?

How to Overcome Data Visualisation Problems

How Human Centered Design and Big Data Are Merging in 2017

How to Scale Your Big Data Project Effectively

How to Overcome Data Visualisation Problems

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Taking Data Visibility to the Office Walls

6 Key Capabilities an Embeddable Analytics Software Should Deliver

Dropbox or Box – Which Cloud Storage For Small Businesses

Overcoming the Challenges of Big Data Clustering

What is an Enterprise Data Warehouse?

How Much Is Data Center Downtime Costing You?

Social Media and Big Data Are Creating a New Generation of Millionaires

Can Smart Data Ensure Cybersecurity and Data Protection?

Predicting Airline Loyalty Churn – Cathay Pacific Marco Polo [Case Study]

Are Instagram Stories a Big Data Goldmine?

The 7 Biggest Data Trends to Watch in Finance for 2017

Data Driven: 5 Ways Automakers Use Big Data to Improve Their Products

Thinking Efficiency: IT, OT, And The Issue Of Migration

Is Big Data Security Still Lacking?

Data Mining Can Be a Game Changer for Small Businesses

Can Business Intelligence Answer the Questions Asked of it Without Big Data?

Big Data is Leading the Fight Against Fake News

Keep calm, AI is not About to Make Marketers Obsolete

Big Data is Leading the Fight Against Fake News

Keep calm, AI is not About to Make Marketers Obsolete

Musk vs. Zuckerberg: Who’s Right About AI?

Artificial Intelligence Can Be Our Best Travel Guide

The Enterprise Graph – From Connections To Customer Insights

Will Predictive Analytics and POS Save Small Retailers from Extinction?

Leveraging The Cloud, New Technology and Video To Effectively Manage A Growing Global Workforce

In a World Full of Data, Can Analytics See the Market Trends?

Key Points from Microsoft Dynamics 365 Tech Conference

Customer Feedback and Data Analysis: The Keys to a Good Customer Retention Rate

How Businesses Can Profit From Mobile Apps