A targeted approach to cloud security

Cloud security has to be an extension of a business’s entire security programme
Scott Manson is the security leader for the Middle East at Cisco.

By Scott Manson

Today, cloud use for business computing is no longer the exception, but rather the norm. Customers want to be able to take advantage of the increased agility and improved economics that come with moving to the cloud while still protecting their data, applications, and users.

Security is traditionally applied at the network perimeter; this disappears in cloud-based computing, in which borderless networks connect many types of users with enterprise private data centres and cloud-based resources. In working with customers to identify their cloud use, Cisco discovered that large customers now use on average 730 individual cloud services and capabilities including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).

Cyberattacks today target users – not the infrastructure. Cloud security can’t be solved with legacy security technologies or a siloed approach. Cloud security must be equally dynamic. It has to be an extension of a business’s entire security programme, in which security is embedded into the intelligent network infrastructure, integrates with a rich ecosystem of applications and services, and is pervasive across the extended network: not just the networks themselves but all endpoints, mobile and virtual. This in turn extends to wherever employees are and wherever data is.

Naturally, education and training should play a key role in any cloud security effort that focuses on reducing risk among select users. IT leaders should also invest in automation solutions. By reducing the potential for human error, automation can play a powerful part in cloud security strategy.

If I could give enterprises advice on how to minimise the risk of cloud computing at the simplest level, it would be this:

Due diligence while researching a cloud solution: Be sure to review the cloud service providers’ (CSPs) security history and references; ask about known security vulnerabilities.

Utilisation of a Single Sign-on (SSO) solution to add security (and convenience): An organisation might be using a number of cloud services and applications, and individual users could have multiple sets of credentials, which can be exposed. SSO means that there are fewer accounts to manage as users enter and leave the organisation. Users have only one set of credentials and are less likely to write them down so they can remember them.

Working with a third party to assure cloud security on a regular basis: Work with an expert on a regular basis, either by engaging a consultant for your business or by having third-party audits performed, to ensure that your CSP is compliant with your industry’s standards of security.

Implementation of end-to-end encryption: Ensure the CSP has solutions for encrypting data not only in transit, but also when the data is at rest. For the lowest risk, your data should be encrypted prior to upload and while it is in storage, and it should be decryptable only with the correct encryption key. Data must be mobile, and it must be secure as it travels, so secure the data by using an encrypted and secured communication protocol.

Regular update of in-house software: Your CSP has an impossible job if they have to support outdated software with known security risks.

The cloud is, undoubtedly, the future of computing and will prove to be a significant factor in businesses remaining competitive. While we may not be able to secure the entire cloud, all the time, the goal of enterprises should be to build resilience into their cloud situation and know what to do if an incident occurs with the data.
