by Daniel Kane, Project Analyst
In today’s technology market, computing resources that utilize the proverbial “Cloud” allow businesses to take advantage of flexible, cost effective IT services over the Internet. The ability for these resources to aggregate capacity while effectively meeting application, process and service needs without regards to the end user’s location or device, makes this a powerful tool in today’s business world. While the benefits of this resource are clear to many organizations, the process is not without a critical need to develop proper security measures to mitigate the IT infrastructure’s exposure to risk. Developing a strategy to meet the specific needs of the business is an important component to any implementation process, and is especially important to define the security needs of shared IT resources.
“Going to the cloud”, often requires an outsourcing of essential services to a third party, adding a level of complexity to the maintenance of data integrity and privacy, among others. Organizations that are considering a cloud-based service must take proper measures to ensure an appropriate level of visibility for any data stored with that service. A lack of visibility can cause problems in regards to data exposure and compromise, the reliability of service, and in many industries, the ability to demonstrate compliance with government and industry regulations. Areas that must be considered include the construction and setup of a security program, confidential data protection, strong access control measures, application provisioning and de-provisioning, and audit management. In addition to these focus areas; it is critical to include a testing and validation period, before any system goes live.
The first step to defining your organization’s security requirements is to identify what information will be stored, accessed or transmitted over the cloud. One should ask if this information is confidential, or subject to government or industry compliance regulations. Organizations should work with their service provider to determine the type of cloud architecture that is being utilized, and what specific risks are inherent to public, private or hybrid systems. Once the risks have been assessed, it is important to define a plan of action that will effectively mitigate these risks.
The cloud is a powerful tool, but should be used with the care and consideration that all powerful tools deserve. The potential for considerable gains and increased efficiency is prevalent in cloud technologies, yet problems stemming from a compromised solution can have lasting negative repercussions. As such, it is imperative to include a security analysis as a mandatory step in implementation. Businesses are encouraged to research and identify high risk areas on their own, while also working with suppliers to maintain a cost-effective solution while decreasing the serious risks associated with the technology.