Reducing Cloud Risk in an Increasingly Connected World
September 25, 2013
The world is a different place today than it was 5, 10, 15, and certainly 50 years ago. Forget about sending a letter through the mail; simply finding a stamp can prove to be a Herculean task. For those born after 1985, a stamp is a small piece of paper that is purchased and displayed on an item of mail as evidence of payment of postage.
Unless you live in Canada, you double lock your front door and shred all personally identifiable paperwork before hauling out the trash — because all it takes is just a few bits of information for a savvy criminal to upend your life and your credit.
Things are also different at work. Not only do managers and critical IT personnel have access to corporate networks and applications, so too does the average 9-to-5 Joe (not that you’re average; you’re most likely exceptional).
This across-the-board access comes with across-the-board risk, especially in a world powered by the ease of cloud computing.
With employees, customers, business partners, suppliers and contractors increasingly accessing corporate applications and data with mobile devices from the cloud, protecting the edge of the network is no longer enough. As the traditional perimeter disappears, here are some things to do, according to an article on TheGuardian.com, to help ensure security in the cloud.
Extend security to the device: Ensure that corporate data is isolated from personal data on the mobile device. Install a patch management agent on the device so that it is always running the latest level of software. Scan mobile applications to check for vulnerabilities.
Add intelligence to network protection: The network still needs to be protected – never more so than in the cloud. Network protection devices need to have the ability to provide extra control with analytics and insight into which users are accessing what content and applications.
Build in the ability to see through the cloud: Security devices, such as those validating user IDs and passwords, capture security data to create the audit trail needed for regulatory compliance and forensic investigation. The trick is to find meaningful signals about a potential attack or security risk in the sea of data points.
Know who’s accessing what: People within your organization who are privileged users – such as database administrators and employees with access to highly valuable intellectual property – should receive a higher level of scrutiny, training on securely handling data, and stronger access control.
Limit data access based on user context: Change the level of access to data in the cloud depending on where the user is and what device they are using. For example, a doctor at the hospital during regular working hours may have full access to patient records. When she’s using her mobile phone from the neighborhood coffee shop, she has to go through additional sign-on steps and has more limited access to the data.
Take a risk-based approach to securing assets used in the cloud: Identify databases with highly sensitive or valuable data and provide extra protection, encryption and monitoring around them.
Adding a layer of advanced analytics – a security intelligence layer – brings all of this security data together to provide real-time visibility into both the data center and the cloud infrastructure.
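The "Limit data access based on user context" item above, sketched as an access decision for the doctor scenario. This is an added example, not code from the article or from any product; the network range, working hours, device flag, field lists and sample records are all constructed assumptions.

```python
# Added example; networks, hours, field lists and sample values are constructed.
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

HOSPITAL_NETS = [ip_network("10.20.0.0/16")]  # assumed on-site address range
WORK_HOURS = range(7, 19)                     # assumed regular hours, weekdays
FULL_FIELDS = frozenset({"name", "dob", "diagnosis", "medications", "notes"})
LIMITED_FIELDS = frozenset({"name", "medications"})  # assumed reduced view

@dataclass(frozen=True)
class Context:
    role: str
    source_ip: str
    managed_device: bool  # assumed device-posture flag (corporate-managed or not)
    when: datetime

@dataclass(frozen=True)
class Decision:
    allow: bool
    step_up: bool         # additional sign-on step required
    fields: frozenset     # record fields this session may read

def decide(ctx: Context) -> Decision:
    try:
        addr = ip_address(ctx.source_ip)
    except ValueError:
        return Decision(False, False, frozenset())  # unparseable source: fail closed
    if ctx.role != "doctor":
        return Decision(False, False, frozenset())
    on_site = any(addr in net for net in HOSPITAL_NETS)
    in_hours = ctx.when.weekday() < 5 and ctx.when.hour in WORK_HOURS
    if on_site and in_hours and ctx.managed_device:
        return Decision(True, False, FULL_FIELDS)
    # Weaker context: extra sign-on step and a reduced view of the record.
    return Decision(True, True, LIMITED_FIELDS)

def view(record: dict, decision: Decision) -> dict:
    """Return only the fields the decision permits."""
    if not decision.allow:
        return {}
    return {k: v for k, v in record.items() if k in decision.fields}

# Constructed sample data for the two situations in the text.
RECORD = {"name": "A. Patient", "dob": "1970-01-01", "diagnosis": "example",
          "medications": ["example"], "notes": "example"}
AT_HOSPITAL = Context("doctor", "10.20.4.17", True, datetime(2013, 9, 25, 10, 0))
COFFEE_SHOP = Context("doctor", "203.0.113.7", False, datetime(2013, 9, 25, 10, 0))
```

The decision is computed per request from the current context, so the same account gets a different view of the same record as the context changes.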
Patrick Burke is a writer and editor based in the greater New York area and occasionally blogs for Rackspace Hosting.