Patrick Kerpan on Virtual Strategy Magazine: 7 Attributes of Highly Successful Cloud Security Deployments

7 Attributes of Highly Successful Cloud Security Deployments

Cloud is the backbone of many, many enterprises around the world. In 2019, IDC expects service providers will spend $33.6 billion on IT infrastructure for delivering public cloud services, while spending on private cloud IT infrastructure will reach $19.4 billion.

At the same time, the past few years have seen some of the largest and most public security breaches in history. The Ponemon U.S. Cost of Data Breach study estimates that average total cost of a data breach rose to $3.8 million in 2015.

With the ever-growing use of private and public cloud and the unending attacks by hackers, organizations of all sizes have to protect their critical data wherever it is.

This article first appeared in Virtual Strategy Magazine :

To successfully secure cloud deployments – and deliver the experience an enterprise user expects – IT teams that pay attention to a new hierarchy of the following 7 cybersecurity needs will stay one step ahead of hackers and take good care of their enterprise data.

1. Connected

People want to access their work in the cloud without triggering the corporate immune system. IT teams must ensure that people can easily connect to and access everything in the cloud in a way that works with how the company behaves “traditionally”. Virtual private networks (VPNs) have been around for decades for good reason: they work. A VPN is designed to provide secure, encrypted tunnels to transmit data between trusted resources, whether they are in a cloud, shared office, or data center.

2. Encrypted

Everyone in a technical role from application architect to sysadmin can take extra steps to ensure data in motion is not easily “readable”. Data is at risk when it travels across the public internet or a shared network (this is called data in motion). To guard critical data as it travels across the public internet and sits on servers, encryption ensures no one else can transcribe (or “sniff”) the contents. As Bruce Schneier writes, “Encryption does not protect your computer or phone from being hacked…but encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk surveillance.”

3. Firewalled

IT teams must understand the relationships of critical data and how applications use and transmit it between applications in the same network and out to the world. There are logical steps to take to securely allow data to travel beyond the network edge and across the internet. Limit accessibility to critical data even if the organization is using cloud port filtering, network ACLs, and an encrypted network. Internal network firewalls are additional security filters cloud users can control on top of the cloud-provider security offerings.

4. Distributed

One part of cloud computing that is hard for users to deal with is “it seems so far away”, but the fact that it is darn near “everywhere” is one of its strengths. IT teams can build in new forms of availability by having agile, automated, API-enabled access to resources in disparate geographic locations. Plus, the fact that application architectures can all run on one logical network to, through, and across the clouds – all the better, all the simpler, all the less expensive to own, manage and operate.

5. Segmented

Even once an application is distributed, IT teams can continue to enforce specific policies that segment the application not only from the outside, but from within itself. IT can ensure these policies are able to float above the cloud VPCs/VNETs/VLANs the network is running in. Each enterprise application should be considered critical and deserves a perimeter inside the network.

6. Secured

The beauty of cloud-based systems is that the applications, servers, and data do not care about the data center, the hardware, or “where” they are running. Cloud-based resources only care about if the application is up, running, and accessible. Removing underlying worries allows IT teams to focus on providing higher level features and functions that were once subject to department-wide decision processes. Rather than create blanket security rules, distributed and segmented applications can run specific security rules. IT teams can application-centric network intrusion detection that has rules only related to one set of web servers, app servers, and databases.

7. Integrated and Optimized

Distributed, segmented and secured applications are allowed to be self-interested narcissists in the cloud. That said, each application is part of a larger organization, and needs to be able to interact with other applications. Application resources should be isolated, but will need to be able to manage, monitor, recover, replace, and migrate with other cloud application elements. A virtual network needs to be a part of the application interactions. As a result devices need SNMP, LDAP-integration, other forms of monitoring, APIs, agents, high availability, MFA, password recovery, and on and on. Once IT teams have all this control and insight into the network their lives can become much simpler!

Cloud application owners can experience the ease of cloud computing by merely spinning up resources in a public cloud. But the real benefits of cloud come when IT teams can both secure and integrate their systems to be connected, encrypted, firewalled, distributed, segmented, secured and integrated.

In the era of massive cybersecurity data breach news, not even standards for compliance saved Anthem, Target, TalkTalk or others from attacks. Using the public internet opens everyone up to vulnerabilities. Checklists are no longer a valid security strategy.

Climb the 7 level cybersecurity hierarchy to stay one step ahead of hackers and ensure critial enterprise data is truly secure.

Read the full article at Virtual Strategy Magazine :

By: Margaret Valtierra