Many organizations still have uncertainties regarding the implementation of cloud technology for their enterprise, with security being a key concern. In order to allay their overall apprehension first requires an understanding of what makes dealing with security in a cloud different from conventional IT enterprises. This knowledge will help an organization to mitigate the security risks through the establishment of the proper controls, technologies and procedures.
There are significant security concerns that need to be addressed when moving mission critical applications and sensitive data to the cloud. Information Technology (IT) security company Symantec, commissioned a study for their 2011 State of the Cloud survey, to examine organizations that are adopting cloud computing. The survey found that security was considered as both the top goal and top concern by those organizations. Four years later the goal of cloud security remains elusive and is complicated by increased threat vectors, the emergence of data privacy issues and the convergence of mobile devices, social networks, and analytics.
Growing cloud use presents new cyber security challenges
There are numerous complex security issues and considerations that require evaluation when transitioning mission critical applications and sensitive data to public and hybrid cloud environments. The top areas of concern include:
• Physical Security
• System Boundaries
• Data and Application Governance
• Security Intrusion Monitoring
• Identity and Access Management
• Regulatory Compliance and Audit
What can be done to realize the goal of secure cloud computing? One key point to be made is to consider security and compliance requirements at project inception and not wait until the deployment phase, as it’s difficult to retrofit security at that juncture. Transitioning to a cloud may be the ideal opportunity for an organization to perform a security audit and identify all relevant security and auditing standards. For organizations that have less than adequate enterprise security, this can be an opportunity to tighten up and improve security.
The National Cybersecurity Institute at Excelsior College is a powerful resource for learning more about cloud security. With a dedicated focus on cybersecurity education as it relates to government, military, industry and beyond, the NCI is ideally positioned to provide guidance on issues associated with cloud security. Cloud Security is discussed in our new book Cybersecurity in Our Digital Lives or visit Excelsior College to learn more about cyber and cloud security educational opportunities
As security plays an even more important role in the cloud computing realm, organizations will need to become more familiar with the security aspects of cloud computing and how they differ from their traditional IT models. This will help drive successful IT strategy and implementation, and lead to realizing the goal of secure cloud computing.