@CloudExpo Authors: Liz McMillan, Zakia Bouachraoui, Yeshim Deniz, Pat Romanski, Elizabeth White

Related Topics: @CloudExpo, Microservices Expo, Agile Computing, Cloud Security, Government Cloud

@CloudExpo: Article

Enterprise Cloud Security – Comprehensive Security Approach

Effective risk management can result in secure, scalable, on-demand enterprise cloud solutions

Cloud Security has been one of the top challenges reported by organizations that want to migrate to the Cloud. This is a challenge since the organization’s data may now be stored externally that can pose greater challenges to data integrity and compliance. Even though the data may be in the Cloud provider’s space, any compromises put the organization at risk. The Cloud can introduce new security risks that need to be addressed, however there are specific ways to manage the risks and leverage the benefits that Cloud has to offer and to ensure secure solutions across the Enterprise.

As part of the Cloud vendor selection, it is important to ensure a solid business presence and financial stability. If the vendor goes out of business, it’s important to make sure the organization’s data is secure and will not be lost. The vendor should provide secure service management capabilities for provisioning, updates and auditing. Prior to moving to the Cloud, an assessment of data sensitivity and compliance requirements should be one of the initial steps. Subsequently, specific vulnerabilities for the Cloud solution should be identified, documented and addressed. From an Enterprise Security perspective, policies, tools and controls should be developed for protection. There are many ways in which the security risks can be mitigated. One of the ways is to make sure that the providers have audits and certifications to ensure the security of the data. The location of the data is a common concern, if the data is needed in a specific area it is important to incorporate this aspect in the service level agreements with the vendor. Security controls at every level should be documented and addressed as part of the certification activities. For the Government, FEDRAMP is a program that supports secure cloud computing and provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Due to the multi-tenant aspects of the Cloud and virtualization, proper segmentation is extremely important, since segmentation problems can be very dangerous and can cause unintended consequences. It’s like living in an apartment complex, a negative event in one apartment can quickly spread to the whole complex and cause damage. Data encryption at rest, in process and in motion should be properly addressed, this includes files on servers, data being exchanged through the applications and transactional data. Smart key management should be utilized and seamless identity, access management should be addressed to authenticate users and applications. As with other deployment mechanisms, applications should be designed and developed to address security threats and attacks. For example, for web applications, security standards should be applied and vulnerabilities such as cross side scripting, information leakage, cross site request forgery, SQL injection, malicious file execution etc. need to be addressed. Perimeter security, network and host based controls should be leveraged. Governance and risk management should encompass a thorough review of processes and controls. Cloud Security may appear to be a daunting task, however applying a comprehensive security approach and effectively managing the risks can result in secure, scalable, on demand Enterprise Cloud solutions.

(This has been extracted from and is reference to Ajay Budhraja's blog).

More Stories By Ajay Budhraja

Ajay Budhraja has over 24 years in Information Technology with experience in areas such as Executive leadership, management, strategic planning, enterprise architecture, system architecture, software engineering, training, methodologies, networks, and databases. He has provided Senior Executive leadership for nationwide and global programs and has implemented integrated Enterprise Information Technology solutions.

Ajay has a Masters in Engineering (Computer Science), and a Masters in Management and Bachelors in Engineering. He is a Project Management Professional certified by the PMI and is also CICM, CSM, ECM (AIIM) Master, SOA, RUP, SEI-CMMI, ITIL-F, Security + certified.

Ajay has led large-scale projects for big organizations and has extensive IT experience related to telecom, business, manufacturing, airlines, finance and government. He has delivered internet based technology solutions and strategies for e-business platforms, portals, mobile e-business, collaboration and content management. He has worked extensively in the areas of application development, infrastructure development, networks, security and has contributed significantly in the areas of Enterprise and Business Transformation, Strategic Planning, Change Management, Technology innovation, Performance management, Agile management and development, Service Oriented Architecture, Cloud.

Ajay has been leading organizations as Senior Executive, he is the Chair for the Federal SOA COP, Chair Cloud Solutions, MidTech Leadership Steering Committee member and has served as President DOL-APAC, AEA-DC, Co-Chair Executive Forum Federal Executive Institute SES Program. As Adjunct Faculty, he has taught courses for several universities. He has received many awards, authored articles and presented papers at worldwide conferences.

CloudEXPO Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions need to be truly scalable. Far from it. There are at least six major pain points that companies experience when they try to deploy and run Kubernetes in their complex environments. In this presentation, the speaker will detail these pain points and explain how cloud can address them.
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-centric compute for the most data-intensive applications. Hyperconverged systems already in place can be revitalized with vendor-agnostic, PCIe-deployed, disaggregated approach to composable, maximizing the value of previous investments.
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mistakes high" is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed how this same philosophy can be applied to highly scaled applications, and can dramatically increase your resilience to failure.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by sharing information within the building and with outside city infrastructure via real time shared cloud capabilities.
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.