Cloud security: Try these techniques now
From divvying up responsibility to using third-party tools, here's how some companies are approaching the problem.
For Logiq³ Inc., the decision to go with a cloud-based provider of IT infrastructure as a service (IaaS) was a matter of cost and flexibility.
A start-up that began operations in 2006, the Toronto-based life reinsurance management firm could not afford to build and staff a data center from scratch, according to David Westgate, Logiq³'s vice president of technology. So Logiq³ instead chose cloud computing and managed IT services provider BlueLock LLC to handle its data needs in the cloud.
BlueLock's virtualized environment allowed data and volumes to move between systems in a dynamic, low-cost way that would be impossible with a traditional, hosted environment, Westgate says.
There were, however, security concerns to be addressed before Logiq³ would entrust its critical systems to BlueLock's cloud. The life reinsurance company handles death records, which include personal information like social security numbers, as well as financial data and information about major assets that its large financial customers have on their books. Although Logiq³ isn't regulated by the U.S. government's Sarbanes-Oxley Act, its customers in the financial sector are, "so they'll be auditing us," says Westgate. As a result, Logiq³ needed potential cloud vendors to demonstrate that they were in compliance with applicable regulations and could provide high levels of security.
Logiq³ is far from alone. While security and compliance issues crop up in any Web-based outsourcing arrangement, businesses are justifiably concerned about putting everything in a virtualized cloud. It's a comparatively new service area where risks are unknown -- "which in itself is a risk," says Jay Heiser, an analyst at Gartner Inc. "If I can't figure out how risky something is, I have to assume it isn't secure."
The extent to which hackers can take advantage of unique cloud vulnerabilities is being hotly debated at Web sites like Linkedin.com's Cloud Computing Alliance. So far, there have been few instances of a successful, large-scale data breach on a public cloud. Just recently, however, someone managed to set up the Zeus password-stealing botnet inside Amazon.com Inc.'s EC2 cloud computing infrastructure by first hacking into a Web site that was hosted on Amazon servers.
It is, in other words, early days yet in the cloud computing industry. Cloud vendors are, in some instances, playing catch-up on the security front, and IT managers are trying to figure out just exactly what the risks are and how to counter them.
Divvy up responsibility
A crucial first step is for cloud-based service providers and their potential clients to sit down and determine who has responsibility for securing and protecting what components of the IT infrastructure, which often spans both companies' systems. Sometimes, particularly with an IaaS provider, the division of labor is negotiable. For example, at Logiq³, Westgate decided to let BlueLock handle patching and configuration management because he was familiar with the software BlueLock was using, a tool from Shavlik Technologies LLC.
- Cloud security concerns are overblown, experts say
- Cloud computing 2014: Moving to a zero-trust security model
- Amazon hiring 'top secret' IT staff as it fights for CIA work
- Empire state ends IT empire building
- No, your data isn't secure in the cloud
- Snowden revelations may cost U.S. cloud providers billions, says study
- DHS shifting to cloud, agile development to boost homeland security
- Cloud computing's big debt to NASA
- Coke bottler picks SaaS over SAP
- Inmate data paroled from mainframe
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Live Webcast Best Practices: How to Improve Business Continuity with Virtualization VMware solutions include a range of business continuity capabilities to help ensure availability for applications across your virtualized environment. Learn More>>
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- Live Webcast
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Topic Center White Papers | Webcasts