Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Securing the Cloud: Separation and Isolation is Key

With the vast amount of data stored on the public cloud, how do you know if your data is truly secure?  What steps can you take to ensure you make the right choice when transitioning to the cloud?

The market for cloud infrastructure, platforms and applications is growing at a rapid pace; in fact, AMI research estimates that SMB cloud spending alone will reach $100B by 2014. It’s no surprise then that many, if not most organizations are looking to the sky as they move more and more data to the cloud.

With the vast amount of data stored on the public cloud, how do you know if your data is truly secure?  What steps can you take to ensure you make the right choice when transitioning to the cloud?

The market for cloud infrastructure, platforms and applications is growing at a rapid pace; in fact, AMI research estimates that SMB cloud spending alone will reach $100B by 2014. It’s no surprise then that many, if not most organizations are looking to the sky as they move more and more data to the cloud.

Separation and Isolation of Information in CloudCloud computing is driving applications to shared infrastructure en masse; it’s reducing IT costs and enabling collaboration. But with the vast amount of data stored on the public cloud, how do you know if your data is truly secure? And what steps can you take to ensure you make the right choice when transitioning to the cloud? 

When considering a move to the cloud, there are some important issues to address. The first is your provider. IT professionals considering a move to the cloud are well advised to qualify the provider and the technology that will be safeguarding their information before they make the move. A good way to measure available options in the IT space is to determine if they’ve been certified by the National Information Assurance Partnership (NIAP), a U.S. government initiative operated by the National Security Agency (NSA) and the Agency and National Institute of Standards and Technology (NIST).

Once certified, an organization’s technology will be assigned a Common Criteria Evaluation Assurance Level. Many IT products and operating systems available today are certified to EAL4+, the level of security appropriate for inadvertent and casual attempts to breach a system’s security. If you are looking to truly safeguard your information in the cloud, you will want to look for a system that boasts EAL6+ High Robustness, which provides the most stringent protection and rigorous security countermeasures against hostile and well-funded attackers. The Cyber Secure Institute is a great resource to look to when determining an IT provider’s security level, as its aim is to raise awareness about the Common Criteria and the organizations that have taken steps to ensure their technology is secure.

Once you’ve indentified and vetted a provider, the next important question is, “What data should be moved to the cloud?” This question is important because the answer may surprise some people: not all information is suitable to be stored on the cloud. Some information is too critical and should be isolated to maintain security. Never treat your organization’s data as one big lump. Some information may be proprietary and confidential; data including health records and social security numbers may want to be kept off the public cloud until you’re confident in its security. On the other hand, you may have data that you really want to be accessible by the public – this is the type of information that is well-suited for the initial move to the cloud.

Start your move to the cloud with your very public-facing data (company websites, shared calendars) and once you’ve built confidence in your provider, begin incrementally moving more private information to the cloud. Once more secure data is transitioned to the cloud, it’s essential that it be kept securely separated from non-sensitive information.

As cloud computing and virtualization technologies continue to improve the way we do business, interact and transact, taking advantage of cloud computing technology without compromising IT security should be your organization’s leading goal. If you approach transitioning to the cloud incrementally, taking steps to separate sensitive information from non-sensitive information, you’ll find a transition to the cloud offers a risk vs. reward balance.

Related Reading > 2010 Device Integrity Report: U.S. Unprepared for Internet Device Flood

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility