Securing the Cloud: Separation and Isolation is Key

With the vast amount of data stored on the public cloud, how do you know if your data is truly secure? What steps can you take to ensure you make the right choice when transitioning to the cloud?

The market for cloud infrastructure, platforms and applications is growing at a rapid pace; in fact, AMI research estimates that SMB cloud spending alone will reach $100B by 2014. It’s no surprise, then, that many, if not most, organizations are looking to the sky as they move more and more data to the cloud.

Cloud computing is driving applications to shared infrastructure en masse; it’s reducing IT costs and enabling collaboration. But with the vast amount of data stored on the public cloud, how do you know if your data is truly secure? And what steps can you take to ensure you make the right choice when transitioning to the cloud?

When considering a move to the cloud, there are some important issues to address. The first is your provider. IT professionals considering a move to the cloud are well advised to qualify the provider and the technology that will be safeguarding their information before they make the move. A good way to measure available options in the IT space is to determine if they’ve been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST).

Once certified, an organization’s technology will be assigned a Common Criteria Evaluation Assurance Level. Many IT products and operating systems available today are certified to EAL4+, the level of security appropriate for inadvertent and casual attempts to breach a system’s security. If you are looking to truly safeguard your information in the cloud, you will want to look for a system that boasts EAL6+ High Robustness, which provides the most stringent protection and rigorous security countermeasures against hostile and well-funded attackers. The Cyber Secure Institute is a great resource to look to when determining an IT provider’s security level, as its aim is to raise awareness about the Common Criteria and the organizations that have taken steps to ensure their technology is secure.

Once you’ve identified and vetted a provider, the next important question is, “What data should be moved to the cloud?” This question is important because the answer may surprise some people: not all information is suitable to be stored on the cloud. Some information is too critical and should be isolated to maintain security. Never treat your organization’s data as one big lump. Some information may be proprietary and confidential; you may want to keep data such as health records and social security numbers off the public cloud until you’re confident in its security. On the other hand, you may have data that you really want to be accessible by the public – this is the type of information that is well-suited for the initial move to the cloud.

Start your move to the cloud with your very public-facing data (company websites, shared calendars) and once you’ve built confidence in your provider, begin incrementally moving more private information to the cloud. Once more secure data is transitioned to the cloud, it’s essential that it be kept securely separated from non-sensitive information.

As cloud computing and virtualization technologies continue to improve the way we do business, interact and transact, taking advantage of cloud computing technology without compromising IT security should be your organization’s leading goal. If you approach transitioning to the cloud incrementally, taking steps to separate sensitive information from non-sensitive information, you’ll find a transition to the cloud offers a risk vs. reward balance.
