Current Filter: >>>>>>

   

As Piers Wilson, head of product management at Huntsman Security, points out, Clouds come in many different shapes and sizes. "But despite their undoubted business and IT benefits, security still tops the list of barriers to adoption. These concerns frequently revolve around the multi-tenancy nature of many cloud set-ups. Can you be sure your sensitive customer data and/or IP is protected from the virtual machines (VMs) of other tenants, some of whom may be competitors? Is your supplier certified to comply with relevant industry standards and regulations like PCI DSS and ISO 27001?"

These are all valid concerns, of course, especially in a world where the means to launch successful attacks in the cloud have been democratised, thanks to tools and knowledge widely traded on the dark web, he adds. "Those who try to 'shoehorn' traditional security products and techniques into their cloud environments are doomed to fail - leaving gaps which the bad guys are only too willing and able to exploit.

"The reality is that, when it comes to the cloud, you can't outsource accountability. You need to be proactive about vetting your provider, understanding what security controls they have in place, and where and how data is stored at all times. But, most importantly, you need to work out what protections you're expected to contribute to keep key data and systems safe from harm. Central to your plans should be reducing the attackers' dwell time - how long they're allowed to roam inside your systems without detection - which currently stands at a whopping 146 days. Threat intelligence needs to be consolidated in one place to be genuinely useful. And it must be able to baseline what's normal, in order to better spot unusual behaviour that could indicate a breach. "Applied in the right way, machine learning can help by automatically prioritising only the most critical threats, maximising your response team’s effectiveness. To help your efforts, invest in intelligent systems which can articulate the specific business risk to the organisation of any given cyber threat.”

ESSENTIAL CRITERIA
With the wave of digital transformation sweeping over enterprise and industry, business is revelling in the efficiency and added value gained from cloud computing. However, with these benefits comes the tricky question of how to secure access to data on these scalable, remote and flexible platforms, argues Ofer Amitai, CEO & co-founder, Portnox.

"Whether your business uses a public, private or hybrid cloud environment, there are some essential security criteria to be aware of when choosing a cloud vendor. There are numerous benefits of taking on-premise IT functions off-premise and up to the cloud - such as cutting costs, maintenance efforts and upgrades - but a major downside is the lack of control, and therefore visibility, of the network and who is accessing it. If a cloud vendor isn't willing to provide visibility into your network, how can your IT team be sure that they're covered against potential cyber threats?"

Another important criterion is compliance, he adds. Who is responsible for ensuring security compliance or industry-specific standards (such as HIPAA in healthcare and PCI-DDS in online retail)? "Asking to see a cloud vendor's compliance certificates is a good place to start. If they can't guarantee compliance, steer clear."

LEAKS AND BREACHES
Cloud computing benefits the mobile workforce and remote access, but proper authentication and authorisation of users/endpoints accessing the corporate database is essential to prevent data leakage and potential breaches. "Multi-factor verification together with logical and physical access controls are your best bets for cloud environments," says Amitai.

"If the vendor expresses hesitancy about allowing your organisation to apply its own network access controls, you should be worried about their basic level of security. Another important criterion to verify is the vendor's data leak prevention (DLP) protocols so that, in case of a breach, the responsibility for remediation is shared between parties."

Finally, an emerging challenge for cloud computing security is 'Shadow IT' or the unauthorised use of cloud applications, platforms and services. "Some of these platforms may expose corporate information, so it's important to have strict network security protocols and network visibility tools in place," he points out.

"More than this, organisations should be upfront with cloud computing/security providers about the extent of Shadow IT to fairly divvy up security responsibilities. To conclude, while it's worthwhile to embrace the benefits of cloud computing, don't let enthusiasm for cloud solutions overwhelm your network security priorities."

Page   1  2