How To Know What To Safely Send To The Cloud

  /     /     /  
Publicated : 22/11/2024   Category : security


How To Know What To Safely Send To The Cloud


Online services have come under increasing attack -- how can enterprises ensure that their cloud service is secure and available?



The dark side of the clouds silver lining has become apparent during the past few months. With the Amazon outage, the breach of marketing service provider Epsilon, and the attack on Sonys PlayStation Network, companies have significant fodder for concerns over the security of the cloud.
Cloud providers need to find answers to allay these concerns. These services can be as secure as keeping data in the traditional enterprise network is, but the services are not there quite yet, says Chris Whitener, chief security strategist for Hewlett-Packard. When we talk to customers, the first impediment to adopting cloud is worries over security, he says.
Companies need to realize that cloud providers tend to have infrastructure that mirrors the DNA of the source of their computing power, Whitener says. For example, Amazons cloud services are based on its experiences providing an available retail experience. A cloud based on a banks excess capacity, meanwhile, might have more security built into it.
Information security teams should spend their time formulating policies that incorporate the providers strengths and weaknesses that come from its specific DNA, Whitener says. If companies figure out what business risks they have by putting their data in the cloud and then create policies on how to handle that risk, they will be much better prepared, Whitener says.
Look for vendors that can accommodate those policies and route your more secure requests to those facilities that have security and have logging and have reporting and have encryption and all the DNA that you would have in your enterprise, Whitener says. There are clouds like that.
Too often companies do not consider the consequences of losing their data to theft or access to the data because of problems with availability. There is not enough due diligence done, says Josh Corman, research director of The 451 Group.
Its like if you had a date tonight, would you let a random stranger watch your kids? he says. No. There is a whole bunch of questions you would ask.
The top question is, what data should be put in the cloud? To answer that, a company should be more concerned about the impact of the data on its business, says Andrew Hillier, chief technology officer with data center analytics firm CiRBA.
Modeling whether your data is low-impact, medium-impact, or high-impact on your business answers the question of whether you move it to the cloud, Hillier says.
One shortcoming of current cloud offerings is that customers dont have much negotiation room or ability to modify the security of high-level services, says Jay Heiser, research vice president for Gartner. Larger companies tend to have more negotiating power, but they also are less likely to put the corporate jewels into a cloud service.
If an organization doesnt know how secure they are, then its likely that they can buy something thats more secure than what theyve got, Heiser says. Global financial service firms are in a better position to know how secure their infrastructure is than to know how secure their SaaS vendor is. A small mom-and-pop shop is not.
A final consideration: If online attackers are targeting clouds because they aggregate so many attractive targets, then putting your data in the same basket might actually put it at higher risk, Heiser says.
It is a huge single point of failure, Heiser says. Any individual company has to look at it as whats the risk to my organization, but attacks, such as the Epsilon thing, suggest that there is a higher systemic risk to putting a huge, huge basket of golden eggs out on the Internet.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How To Know What To Safely Send To The Cloud