As I go through the various sessions in the Cloud and Security tracks at HP Discover 2013, the session on the intersection of cloud and security — TB1248 - How secure is your cloud? What you need to know and ask — jumps out at me. It raises the question in my mind as to who is ultimately responsible for cloud security given that there is a large cast of characters, such as consumers, providers, and integrators among many others who could play that role. So, if you are the enterprise looking to deploy solutions in the cloud, you—as the enterprise – are on-point to ensure that your solutions are secure in the environment of your choice. In other words, the single-point of accountability for ensuring that your cloud solutions are secure squarely lies with you.
Consider the TB1248 abstract: Roughly 47 percent of today's businesses are using cloud-based software applications, many of which contain sensitive data like customer information and sales records. Unfortunately, companies often ignore the security risk and compliance and privacy issues that come with cloud applications. Join us for an in-depth review of the kind of questions you need to be asking your cloud provider.
One of the reasons I am excited about attending HP Discover 2013 in Las Vegas is to have a discussion with other thought leaders on Cloud, Security and Cloud Security — an area where there are continuing concerns, based on a perception of reduced control over the underlying infrastructure. These concerns, albeit valid, do not necessarily stem from the infrastructure itself. Instead they are more related to the manner in which the infrastructure is employed by its consumer — YOU.
Here are my top 5 steps that YOU can take to secure YOUR Cloud Computing Environment.
Peer Validation. Conduct a thorough evaluation of the registration process that YOUR service providers have in place. YOUR service providers provide cloud-based services to many consumers, including YOU. YOUR peer consumers could be Infiltrators R Us.
Interface evaluation. YOU should comprehensively evaluate the standards and security model in place for YOUR Applications Programming Interfaces (APIs) and conduct an impact analysis of the API chain, in the event it is compromised.
Human Nature. The malicious side of human nature could be targeted at individual, cloud-based service providers who are an extension of YOUR environment. YOU should be concerned about the recruitment practices of YOUR service providers, and monitor significant changes in their employee base.
Virtualization Vulnerabilities. YOU should ensure that the virtualized, multi-tenant images don’t allow rogue consumers to laterally penetrate environments on the same physical hardware.
Data Security. YOU must review the measures that YOUR service providers are taking to prevent data loss and have the appropriate mechanisms in place to mitigate the possibility of data integrity being compromised. (Even Big Data agrees.)
In the end, YOU are ultimately accountable for the extended IT environment. One simple step would be to ensure that your Service Providers conform to industry standards.
What are other steps YOU can take to ensure the security of Cloud-based solutions? I’m certainly looking forward to have a good discussion with YOU at TB1248 - How secure is your cloud? What you need to know and ask in Las Vegas.
Check out these resources for more HP Discover details:
Follow HP Discover at:
- Politics & Government
- Cloud Security