Three recommendations for cloud security
65 percent of Dutch organizations regard information security as the biggest challenge in cloud computing. This is shown by research by Computable and Jaarbeurs. 502 people took part in the research, mainly working for end users. Slightly less than half of the respondents (48 percent) cited privacy as the biggest challenge within cloud computing after information security. It is clear that concerns about security and privacy stand in the way of the application of cloud computing. That’s a pity, because these challenges can be solved easily.
To embed cloud computing safely and securely in the ICT landscape, a well thought-out ABC (Application & Business Architecture) architecture is crucial. With at its heart a so-called point of control, the central place where people, systems and information come together. This point of control regulates the secure access to and handling of information, applications and systems, regardless of whether they are somewhere in the cloud or in their own environment. Such a point of control can also be in the cloud itself.
Security of just the network or do you need more than that?
In it-security, the focus has long been on the security of the network. Firewalling, intrusion prevention and anti-malware are still leading in most security projects today. But more needs to be done. Modern concepts place much more emphasis on the data, the applications and the users. Cloud computing accelerates this development even more. Security and privacy play a prominent role in thinking about the application of cloud. After all, the data is elsewhere. That makes it difficult to know what happens to it and who has access to it. Context-sensitive security offers the solution: ‘can this user access this information from this location and via this device at this point in time? Or ‘is this user the person he claims to be? These are questions that can be answered from the point of control. And from where the security policies are automatically imposed.
Three advices
Legally, you remain responsible for handling your customers’ data, even when they are in the cloud. Check how your cloud provider handles (the backups of) your data, Who has access? Where is the data? To what extent must the provider comply with legal requirements of other powers? What is the quality of the provider’s other customers. Also, invest in good solutions for identity & access management, a BPM tool and content security. And finally, bring your own device, apps and data. Develop a policy for this and choose the right platforms.
For more information about cloud security, business architecture and content security check Valueblue.