Security On the Cloud

As more and more companies migrate their IT infrastructure to the cloud the main cloud-related concerns for businesses continue to be security, data control, and reliability. There are several factors to consider with any technological advancement. Most of these cloud-related concerns are not new and, with well-planned risk management, can be avoided to ensure data is both available and protected.

An ISACA Emerging Technology White Paper notes some common risk factors and solutions businesses should consider when making the move to the cloud.

• Enterprises need to be particular in choosing a provider. Reputation, history and sustainability should all be factors to consider.

• The dynamic nature of cloud computing may result in confusion as to where information actually resides. When information retrieval is required, this may create delays.
• Public clouds allow high-availability systems to be developed at service levels often impossible to create in private networks. The downside to this availability is the potential for commingling of information assets with other cloud customers, including competitors.

Companies should have a risk management program that is able to deal with continuously evolving risks. An experienced provider can deliver useful strategies for mitigating these risks. For example, requirements for disaster recovery should be communicated between the business and the provider. Having a detailed Service Level Agreement will help the company manage its data once it migrates to the cloud as well as outline expectations regarding the handling, usage, storage and availability of information. Companies should also consider their security and management options when choosing a public, private or hybrid cloud. What are the pros and cons of each?

Public Cloud

·         Pros: Because infrastructure is maintained outside of the organization , public clouds offer the greatest level of cost savings and efficiency - provides ability to add capacity as needed.  The public cloud has commoditized traditional technology infrastructure.

·         Cons: You share this cloud infrastructure with other users, potentially including competitors. Consider the sensitivity of the data to be stored on a public cloud and use encryption where required to protect corporate assets

Private Cloud

·         Pros: Because infrastructure is maintained on a private network, private clouds offer the greatest level of security and control. You own not only the data but the cloud that houses it too.

·         Con: Provides lower cost savings than a public cloud, and the infrastructure lifecycle has to be managed.

Hybrid Cloud

·         Pros: Includes a mix of public and private storage and server infrastructure. Different parts of your business data can be stored on different clouds, ensuring high security or efficiency where needed.

·         Con: You have to keep track of multiple platforms and ensure all parts can communicate to each other.

By keeping these factors in mind you can ensure a smooth and successful transition to the cloud with secure and easy access to your data.

Agile and proactive use of the cloud

The companies that we are engaged with currently all share a few common traits and these companies see that their competition is not the same as it was 2 or 3 years ago. In previous years, the SMB market shared common competition, they new where the competitions offices were, they had clients in common where they gained market knowledge, and they could see the activities the competition was doing. Not so today. The SMB market is changing and the new competition is coming at them worldwide. Take software, years ago the barrier to entry was extremely high both in talent and in the infrastructure to develop, test and deploy....this has all changed with the cloud. Talent is ready and eager to work, ideas are evolving, and infrastructure is inexpensive, secure, and reliable.

The companies that are embracing the cloud as a tool are more agile and proactive about driving their business. Most of these companies are experiencing huge and rapid growth. Why? They are able to respond to their customer needs, when the customer expects them to respond, and with more relevant information. They are able to do this because they have turned a cost center into a revenue generation tool and these businesses have more time to invest in what the customer wants. They no longer spend their time on break fix or capacity planning, they spend their time on what the customer needs.

Amazon Web Service

2nd Watch is now a solution provider for Amazon Web Service (AWS). We are excited for our customers as this means a greater level of support when leveraging AWS to expand revenues and cut IT costs. You can find us under Solution Providers at http://aws.amazon.com/solutions/solution-providers/.

Security and Compliance in the Cloud

I was reminded by many local IT leaders today while attending a Cloud information session that security and compliance is still top of mind when discussing Cloud IT.

The table below is the latest research I have done into vendor claims around compliance.

As it seems is always the case with Technology, the devil is in the details.  If you have ever worked with PCI compliance you know that Infrastructure is just a piece of the puzzle.  Vendors like Amazon and Microsoft can and do meet infrastructure requirements for PCI compliance.  Does this mean that if I host my e-commerce site on Amazon's EC2 Cloud Service I'm suddenly PCI compliant?  Not by Amazon alone.  You have solved some of the puzzle but you still have to deal with data storage, encryption, etc.  These are application level issues and things that Amazon's EC2 does not address (by design).

It doesn't mean Public Cloud Providers are not serious about security or compliance (quite the opposite actually).  It simply means Cloud providers are not silver bullets in the security or compliance category and you still need to engineer an appropriate solution to meet any security or compliance requirements you have.  Public cloud providers can still be used to achieve compliance across a number of initiatives.

Cloud providers add some impressive tools to your toolbox - use them wisely.

-Kris