Securing the Cloud: Where to Begin?

When an enterprise hands over the keys to its kingdom in the form of cloud computing, whether it be for storage purposes or SaaS, knowing where the biggest exposures are and how to approach security is critical.

On top of that, considerations of the public versus private cloud, and hybrid versus full off-site usage are other variables that require assessment and navigation when it comes to harnessing proper security solutions.

Obviously security will range between IaaS, SaaS, and PaaS, as responsibilities will fall on either the company or the provider, or a hybrid of each. The customer has responsibility for the deployment of the entire software stack in an IaaS approach, which also means the customer will be on the hook for the security solution.

The structure changes when cloud solutions are used in the Platform as a Service mode, as the customer will have responsibility for application deployment and securing access to the application itself. Unlike the IaaS setup, however, the solution provider has responsibility for properly securing the infrastructure, operating system and middleware.

The pendulum swings almost entirely as security policy constraints are mostly the responsibility of the provider in a Software as a Service function.

Another obstacle is the hybrid cloud versus full off-site option for enterprises. “Enterprises need to know where the exposure is,” 451 Research Analyst Carl Brooks said to Enterprise Mobility Exchange. “There can be a shift in where the threat vector is, and [hybrid cloud] may open vectors you weren’t thinking about on the backend. Businesses tend to become more vulnerable through apathy.”

So the final step in securing the cloud is figuring out which service – public or private – offers the best framework to keep the enterprise’s data locked down.

A public cloud, of course, is accessible to all, i.e. Amazon, Dropbox, etc. and the security measures are placed in the trust of a provider. Customers don’t have any opportunity or ability to monitor the security structure of a public provider. A private cloud setup, which gives customers access to the physical hardware and servers, creates a sturdier security posture for the enterprise. But while the outside world may not have access to the private cloud setup, internal employees do, and the company is on its own it comes to defending any kind of breach, hack, or attack.

When enterprises finally decide to make the move to the cloud, deciding what services are needed and what setup (public or private) will be the most integral piece of the security puzzle when choosing a method.

Securing the cloud will be up for discussion at Enterprise Mobility Exchange’s Security West event, April 24 and 25 in Phoenix, Arizona. The agenda topic “Successfully Extending Your Securities To The Cloud” will touch on identifying the vulnerabilities in your security when it comes to cloud; which service – IaaS, SaaS, or PaaS – provides the most comprehensive security; and how can one remediate threats to the cloud?

The Exchange is where 40 CIOs, CISOs, Directors, VPs, and Heads of IT will gather for an information sharing strategy session, featuring a two-day agenda packed with speakers, roundtables, and networking opportunities.

To learn more about the Exchange format and how it works, visit the Security West Coast site here.

To keep up with industry news, sign up for Enterprise Mobility Exchange’s newsletter here, follow us on Twitter @mobilityxchange, and join our LinkedIn group, Enterprise Mobility Exchange, by clicking here.