Slide deck that accompanies an article I wrote for CSO Online
5 Critical Security Issues in Cloud Computing
Information security can make or break your cloud project
By John Kinsella, Protected Industries / published by CSOonline.com

Private clouds are not secure
- A cloud placed behind an enterprise firewall is not inherently secure – it needs to be implemented and managed with security in mind
- Security is limited to the weakest link – be that users, departments with less security sense, or unprotected applications
- Consider that a private cloud might morph to public in the future via “capacity clearinghouses.” Security could quickly become a large concern, at too late a point in time

Security visibility and risk awareness
- Monitoring not just resources, but the security state of a cloud is of utmost importance
- Do not just gather metrics – make them easily accessible, displayed in a meaningful way. Look for potential issues every day, not only during compliance-required monthly reviews
- Research what metrics your cloud provider is able to provide. Consider how they can improve your security posture

Safely storing sensitive information
- Sensitive data must be encrypted with a strong industry-trusted encryption library. Do not “roll your own”
- It is very difficult to guarantee absolutely no eavesdropping in a cloud environment
- Decide whether to encrypt data in the cloud, or before it gets to the cloud

Application security
- The shared environment and difference in security architecture of a cloud increase the importance of application security
- Before migrating an application to the cloud, perform an architecture review and see where cloud benefits can be leveraged
- Migrating an application to the cloud is a unique chance to increase the security of the application through increased availability, ability to scale, and use of cloud APIs

Authentication and authorization
- Should enterprise authentication be extended to the cloud? Depends on usage and sophistication of security program
- Authentication system should be flexible enough to support different authentication methods for different cloud services
- Wide variety of commercial solutions available
- Authentication and authorization system logs can provide insight into reconnaissance or malicious activity
Read the article at www.csoonline.com/article/717307
By John Kinsella, Protected Industries www.protectedindustries.com