How to Create a Cloud Computing Security Strategy - dummies

By Judith Hurwitz, Robin Bloor, Marcia Kaufman, Fern Halper

Even if your IT organization already has a well-designed security strategy, different issues will surface with cloud computing. Therefore, your strategy has to take this different computing model into account. In fact, you want to make sure that your IT security strategy is aligned with your cloud security strategy.

Pointers for creating a cloud computing security strategy include:

  • In most circumstances, approach cloud security from a risk-management perspective. If your organization has risk-management specialists, involve them in cloud security planning.

  • IT security monitoring has no simple key performance indicators, but be aware of what similar organizations spend on IT security. It also makes sense to keep track of time lost due to any kind of attack — a useful measurement of cost that you may be able to reduce over time.

  • You need identity management for many reasons, and identity management offers many benefits. Give priority to improving identity management if your current capability is poor.

  • Try to create general awareness of security risks by educating and warning staff members about specific dangers. It is easy to become complacent, especially if you’re using a cloud service provider. However, threats come from within and from outside the organization.

  • Regularly have external IT security consultants check your company’s IT security policy and IT network, as well as the policies and practices of all your cloud service providers.

  • Determine specific IT security policies for change management and patch management, and make sure that policies are well understood by your service management staff and by your cloud service provider.

  • Stay abreast of news about IT security breaches in other companies and the causes of those breaches.

  • Review backup and disaster-recovery systems in light of IT security. Apart from anything else, IT security breaches can require complete application recovery.

When a security breach occurs on a specific computer, the applications running on that computer will likely have to be stopped. Consequently, security breaches can be the direct causes of service interruptions and can contribute to lower service levels. Also, data theft resulting from a security breach could lead to a real or perceived breach of customers’ trust in your organization.

Security is a very complex area for both internal IT organizations and cloud service providers. Many organizations will have hybrid environments that include public as well as private clouds. Internal systems will be connected to cloud environments. New frontiers add complexity and risk.