5 Critical Security Issues in Cloud ComputingInformation security can make or break your cloud projectBy John Kinsella, Protected Industries / published by CSOonline.com

Private clouds are not secure A cloud placed behind enterprise firewall is not inherently

secure – it needs to be implemented and managed with security in mind

Security is limited to the weakest link – be that users, departments with less security sense, or unprotected applications

Consider that a private cloud might morph to public in the future via “capacity clearinghouses.” Security could quickly become a large concern, at too late a point in time

Security visibility and risk awareness Monitoring not just resources, but the security state of a

cloud is of utmost importance Do not just gather metrics – make them easily accessible,

displayed in a meaningful way. Look for potential issues every day, not only during compliancy-required monthly reviews

Research what metrics your cloud provider is able to provide. Consider how they can improve your security posture

Safely storing sensitive information Sensitive data must be encrypted with a strong industry-

trusted encryption library. Do not “roll your own” Very difficult to guarantee absolutely no eavesdropping in a

cloud environment Decide to encrypt data in the cloud, or before It gets to the

cloud

Application security The shared environment and difference in security

architecture of a cloud increases the importance of application security

Before migrating an application to the cloud, perform an architecture review and see where cloud benefits can be leveraged

Migrating an application to the cloud is a unique chance to increase the security of the application through increased availability, ability to scale, and use of cloud APIs

Authentication and authorization Should enterprise authentication be extended to the cloud?

Depends on usage and sophistication of security program Authentication system should be flexible enough to support

different authentication methods for different cloud services Wide variety of commercial solutions available Authentication and authorization system logs can provide

insight into reconnaissance or malicious activity

Read the article at www.csoonline.com/article/717307

By John Kinsella, Protected Industries www.protectedindustries.com