Welcome!

@CloudExpo Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Blog Post

Security and the Cloud

Is now the time to make the move to cloud services with all the current IT security concerns?

By Steven Wolford, 6fusion Director of Information Security

Is now the time to make the move to cloud services with all the current IT security concerns? Security and the cloud seems to be the topic of conversation for many businesses and IT groups today. As you prepare for that decision making process around your IT infrastructure security, remember to take a risk based approach to help ensure a sound decision from an information security perspective.

Rather than spend months learning, digesting, and attempting to implement a structured formal risk management framework, regard your strategic security planning with these four pillars of risk management.

Security in the Cloud - 6fusion

Identify
What can and should be moved to the cloud? Identify projects, programs or services that have high establishment costs, low utilization, or are expensive to run and operate, as candidates for the cloud. Consideration should be given to services that require rapid turnaround, are seasonal, or have a short usage timeframe but require long lead times for IT infrastructure security and support to be established, as services that will be able to use cloud services with minimal disruptions and risk to the wider business.

Assess
What are the risks to moving to the cloud? In addition to IT infrastructure security, privacy and compliance, another very important element of this pillar is the service characteristics that the cloud provides—including reliability, scalability, portability, vendor stability and the backward architectural compatibility that the cloud service can provide.

Evaluate each cloud delivery method independently; SaaS, PaaS, and IaaS will each present a different set of answers to these questions.

Establish
How will you mitigate each IT infrastructure security risk to an acceptable level? Put processes into place for the use and consumption of cloud services. Document any service fulfillment obligations that are required by the organization. It is important for security and the cloud to be precise when determining operating processes; they will need to integrate with your processes, especially around change, problem, incident, capacity and availability.

Establish service level agreements (SLAs) and rules of engagement that will assist in managing the performance of cloud service. All obligations and controls regarding information security, authorization to operate, security event monitoring, logging, reporting, cloud service reliability, scalability, portability vendor stability and backward architectural compatibility are required to be discussed and documented to ensure true value can be derived when embracing cloud services.

Govern
How are we doing with security and the cloud? Ensure the continued success of the services that have been moved to the cloud and provide the required checks and balances to ensure the integrity of your organization’s data assets within the cloud. Acquire, review, and take appropriate action on continuous real-time reporting for the security governance metrics appropriate for your organization. Some examples would include IT services being consumed, established regular reporting cycles for control obligations, independent verification of IT controls; outline SLAs and cloud service provider obligations as well as organizational responsibilities, and documented roles and responsibilities regarding service establishment and closure.

6fusion puts the highest priorities on security and the cloud and have a tremendous amount of experience with securing cloud infrastructure and IT infrastructure in general. We’d be happy to share our experiences and cloud security best practices with you to help your organization. Reach out to us at [email protected] to set up a time to talk.

The post Security and the Cloud appeared first on 6fusion.

Read the original blog entry...

More Stories By John Cowan

John Cowan is co-founder and CEO of 6fusion. John is credited as 6fusion's business model visionary, bridging concepts and services behind cloud computing to the IT Service channel. In 2008, he along with his 6fusion collaborators successfully launched the industry's first single unit of meausurement for x86 computing, known as the Workload Allocation Cube (WAC). John is a 12 year veteran of business and product development within the IT and Telecommunications sectors and a graduate of Queen's University at Kingston.

CloudEXPO Stories
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian and Tiger Woods. Taylor recently became an advisor to cybersecurity start-up Path which helps companies make sure their websites are properly loading around the globe.
ClaySys Technologies is one of the leading application platform products in the ‘No-code' or ‘Metadata Driven' software business application development space. The company was founded to create a modern technology platform that addressed the core pain points related to the traditional software application development architecture. The founding team of ClaySys Technologies come from a legacy of creating and developing line of business software applications for large enterprise clients around the world.
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in this new hybrid and dynamic environment.
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.
DevOpsSUMMIT at CloudEXPO, to be held June 25-26, 2019 at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 20% faster time-to-market, 22% improvement in quality, and 18% reduction in dev and ops costs, according to research firm Vanson-Bourne. It is changing the way IT works, how businesses interact with customers, and how organizations are buying, building, and delivering software.