How To: Plan for Cloud Security
Posted on Tue, Jan 10, 2012 @ 12:14 PM
Whether you choose a public cloud provider or set up your own private cloud on premises, cloud technology will be only as safe and secure as it is designed to be. When outsourcing to a public cloud offering, ask yourself: “Will my provider apply the same due diligence to my data, security, access and overall environment that we would apply onsite?”
This post outlines considerations when planning your secure, cloud-based IT environment.
Stepping Stones toward a Secure Cloud
Chief security officers (CSOs) and organizations should not assume that policy alone will govern the security of their data. The only reliable way to protect your data is to practice defense in depth yourself, with controls you can verify. Inspect what you expect.
How well protected will your data be in the cloud, both in transit and at rest? Multifactor authentication, a recurring review of who can access which data, and regular security assessments and penetration tests are good practices for any IT environment, whether or not the data lives in the cloud.
Whether your cloud is private or public, the following recommendations, covering the steps before and after implementation, will help ensure it is secure.

Pre-Cloud:
Start planning by positioning yourself as your organization’s ‘legal team.’
Ensure that your organization and its providers have clearly defined contracts in place for data that is already hosted and for data being migrated. When hosting in a shared environment, know in writing:
- How will data be replicated? How will it be destroyed when no longer needed, or when the contract ends?
- Where will data be stored? Do any locations fall outside your legal jurisdiction, or inside politically unstable countries?
- How will the data be encrypted at rest? In transit? Who holds the keys?
- Who has access to your cloud and your data? Who should have access?
- How often is the list of authorized cloud users reviewed, and how often are the access requirements tested?
- What sort of penetration testing is in place, and how often is it performed?
- What are the SLAs for uptime, data loss and data theft?
Once you’ve gathered this information, review with your organization’s legal team to make sure the contract and service-level agreements (SLAs) are complete and in accordance with compliance requirements.
I strongly advise clients to decide up front what the SLAs should say about a breach, and what actions must follow one. Consider the case where your organization’s master customer database is stored in a cloud solution: if, due to an error by the cloud provider, the data becomes available to competitors, does the SLA cover the leak? What if the exposure is caused by a flaw in the underlying operating system rather than by provider negligence? The contract should state who is liable and who is responsible for notification and remediation in each case.
The security conversation you need to have with potential providers is less about availability and whether you can reach your data, and more about the impact of, and the action plans for, potential theft or loss of that data. Availability is the easy part; the SLAs that govern it are standard and readily available.
Remember that until legislation is updated to specifically address the cloud, meeting industry compliance requirements such as HIPAA, SOX and PCI DSS remains your responsibility, not your provider’s. A provider’s own certifications do not transfer your obligations to them.
Post-Cloud:
- Re-analyze your security posture, both as it relates to your organization alone and now with a cloud provider in the picture. Does the provider strengthen your security controls, or does the move open gaps in your security plan?
- Conduct your own internal security audits and penetration testing. Attempt to compromise your own cloud environment, or engage outside testers to do so, and obtain the provider’s written authorization first where its terms require it.
There’s much more you can do to ensure your organization is securely moving to the cloud. Read on for information on the MCPc approach—Walk your way into the cloud.
Your Thoughts?
What challenges have you faced with finding security in the cloud? How have you overcome the more common obstacles?
Andy Jones is Senior Vice President of Sales. He has more than 15 years of IT industry experience, and is an expert on cloud, virtualization and managed services solutions. Connect with Andy on LinkedIn.
Image credit: febelix