How to Create a Cloud Computing Security Plan - dummies

By Judith Hurwitz, Robin Bloor, Marcia Kaufman, Fern Halper

Creating a cloud computing security plan should be the first consideration when switching to a cloud computing system. Whether you’re looking at creating a private cloud or leveraging a public cloud, you need to have a security strategy.

Security breaches can directly cause service interruptions and can contribute to lower service levels. Also, data theft resulting from a security breach could lead to a real or perceived breach of customers’ trust in your organization.

Don’t expect to be able to just run with your IT organization’s current security strategy. Cloud computing has unique security risks. Therefore, your strategy has to take this different computing model into account.

Security risks, threats, and breaches can come in so many forms and from so many places that many companies take a comprehensive approach to security management across IT and the business. Keep in mind the following pointers when creating your own cloud computing security plan.

  • In most circumstances, approach cloud security from a risk-management perspective. Be sure to involve your organization’s risk-management specialists in the planning.

  • The cost of security could be an issue. Be aware of what similar organizations spend on IT security and be prepared to spend a similar amount. It also helps to track time lost due to any kind of attack, as a measurement of cost that you may be able to reduce.

  • Identity management is key. Give priority to improving identity management if your current capability is poor.

  • Try to create general awareness of security risks by educating and warning staff members about specific dangers. It is easy to become complacent, especially if you’re using a cloud service provider. However, most security breaches are created inside the network.

  • Use external IT security consultants to regularly check your company’s security policy and network, as well as those of your cloud service providers.

  • Determine specific IT security policies for change management and patch management, and make sure that policies are well understood by your staff and your cloud service provider.

  • Stay abreast of news about IT security breaches in other companies and the causes of those breaches.

  • Review backup and disaster-recovery systems in light of IT security. Apart from anything else, IT security breaches can require complete application recovery.

Because of the complexity of securing cloud environments, many organizations use hybrid cloud environments that include public as well as private clouds.

Cloud service providers each have their own way of managing security. Sometimes, the cloud service provider’s security plan will conflict with your company’s rules. Before you implement your security plan, you need to ensure that it will complement your provider’s plan rather than create more problems.