More

    In the Cloud or on the Golf Course, Hazards Can Be Devastating

    The 2015 U.S. Open capped off with a thrilling finish against a backdrop of breathtaking views of the Pacific Northwest. Chambers Bay Golf Course in Washington State played host. Anyone familiar with this course knows that “there aren’t traditional golf hazards, like water and trees, but there is trouble everywhere at Chambers Bay,” as one sports blogger wrote.

    It’s a similar scenario for IT and security pros responsible for management of their organization’s cloud usage. Cloud apps are ubiquitous and the associated IT challenges are many. More than half of respondents to this Ponemon study say their organization currently transfers sensitive or confidential data to the cloud. Still, more than half of IT professionals admit to not having a complete picture of where their sensitive data lives.

    In the spirit of the U.S. Open golf tournament and the 18 tricky holes at Chambers Bay, Perspecsys will caddy for a full round with tips and tricks to avoid the hazards – the privacy, compliance and security hazards of cloud computing – and guide you confidently through the course to realize the full benefits enterprise cloud adoption can offer.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 1

    Common Cloud Hazards

    Click through for a full round of tips and tricks to help you avoid the privacy, compliance and security hazards of cloud computing and guide you to the benefits of enterprise cloud, as identified by Perspecsys.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 2

    Users Don’t Realize the Risks

    The Front Nine: Hazards

    Hazard #1: Users don’t realize the risks.

    Business users see cloud apps as productivity enhancers. Meanwhile, IT doesn’t know how corporate data is being used in the cloud. Business users are signing up for cloud services and not following formal IT and security policies.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 3

    Cloudy Terms and Conditions

    Hazard #2: Cloudy terms and conditions

    The policies and standards your organization adheres to regarding the treatment of data are likely not shared by the cloud service provider. Yet, when users sign up for cloud apps, they agree to the associated terms and conditions.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 4

    Virtual Exploits

    Hazard #3: Virtual exploits

    Virtualization technology is a core component of a SaaS cloud service provider’s infrastructure. Virtualization carries its own threats and risks. As cloud users, don’t be left in the dark on what virtualization products your CSP is using and take steps to mitigate risks if required.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 5

    Authentication and Access Control

    Hazard #4: Authentication and access control measures

    A Perspecsys study shows that almost 31 percent of respondents do not allow employees to access corporate data in cloud apps from their mobile devices. Simply blocking access will not be a viable option for long, so it’s time to be proactive and put long-trusted security measures in place to make sure that no matter where your data is or on what device it resides, it is protected.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 6

    Cloud Data Control Challenges

    Hazard #5: Cloud data control challenges

    The cloud’s compelling efficiency and cost benefits are running into serious data compliance and privacy concerns that are inhibiting its widespread adoption. Adopting a public SaaS cloud equates to handing over your data – even the sensitive and regulated data – and organizations are grappling with issues created when they relinquish control of their sensitive data to cloud service providers.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 7

    Data Residency Restrictions

    Hazard #6: Data residency restrictions

    Companies frequently find that certain types of customer information needs to be kept within a defined geographic jurisdiction, making the use of cloud solutions based in other parts of the world extremely difficult. Increasingly strict residency requirements, being put in place as a result of surveillance and data privacy concerns, are a significant challenge to cloud adoption.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 8

    Data Privacy Responsibilities

    Hazard #7: Data privacy responsibilities

    Business data often needs to be guarded and protected more stringently than non-sensitive data. The enterprise is responsible for any breaches to data, whether they store it onsite or in the system of a CSP, and must be able to ensure that strict security measures are in place regardless of where the data resides.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 9

    Industry and Regulation Compliance

    Hazard #8: Industry and regulation compliance

    Organizations often have access to and are responsible for data that is highly regulated and restricted. Many industry-specific regulations such as GLBA, CJIS, ITAR and PCI DSS, require an enterprise to follow defined standards to safeguard private and business data and to comply with applicable laws.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 10

    B2B Contractual Clauses

    Hazard #9: B2B contractual clauses

    Businesses providing services for other businesses are increasingly seeing contractual clauses requiring business data that is maintained by the service provider to be treated in certain ways. For example, if business data is placed in third-party cloud systems, additional safeguards need to be put in place to ensure it is adequately protected.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 11

    Openness

    The Back Nine: Winning Tactics

    Winning Tactic #1: Openness

    Just as the U.S. Open is open to any golfer, IT needs to look for conditions related to openness, such as adherence to industry standards and the ability of security solutions to integrate with one another so that trust in the cloud is established.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 12

    Get a Grip on Your Data

    Winning Tactic #2: Get a grip on your data.

    With information flowing more freely than ever in today’s digital economy, tracking sensitive data becomes an increasingly difficult task. Get familiar with data-centric security tools that work inside and outside the company’s walls: in particular, cloud data encryption and tokenization.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 13

    Test

    Winning Tactic #3: Test.

    “Testing for network, logical and architectural security risks will be a very important strategy,” says John Overbaugh of Caliber Security Partners. “Security testing in the cloud does change things, but it’s not impossible,” he continues. “It’s important to plan ahead, to communicate the changes in your test strategy, and to set appropriate expectations with your management. Above all, it is critical to communicate before and during your testing – primarily with your cloud provider, but also with your IT and security organizations.”

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 14

    Back It Up

    Winning Tactic #4: Back it up.

    Having backups of your data is always a good idea whether it is stored in the cloud or not.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 15

    Multiple Providers

    Winning Tactic #5: Use a multi-cloud strategy.

    A multi-cloud strategy minimizes the risk of widespread data loss or downtime due to a localized component failure in a cloud computing environment. Develop a security platform that allows the business to implement consistent data protection policies across multiple cloud services, preferably one that does not involve complex key management or policy administration.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 16

    Education Employees

    Winning Tactic #6: Educate employees on security.

    People, processes and technology all need to play critical roles in ensuring adequate safeguards are in place. Proactive steps can be taken to avoid costly mistakes.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 17

    Data Governance Policies

    Winning Tactic #7: Establish comprehensive data governance policies.

    Governance needs to be clearly established and policies need to be put in place to ensure compliance with internal and external data privacy mandates. Data should be classified based on sensitivity and the correct data security techniques need to be applied to each class of data.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 18

    Data Security Services

    Winning Tactic #8: Implement data security services.

    Consider offering security services such as “encryption as a service” or “tokenization as a service” to business units within the enterprise to enable compliant cloud use/adoption while protecting data being processed and stored in the cloud.

    In the Cloud or on the Golf Course, Hazards Can Be Devastating - slide 19

    Encryption

    Winning Tactic #9: Do encryption right.

    Do not store encryption keys in the software where you store your data. IT teams need to keep physical ownership of encryption keys, as well as vet the strength of the encryption techniques being used. And don’t forget data in use. Data in use is, effectively, the data that has been loaded into a process and is in the memory of the program that is running. In general, this data is in the clear while being processed and is typically not protected by techniques such as the in-cloud-based encryption provided by the cloud service provider. Make sure you own the entire encryption process of your sensitive and regulated data.

    Latest Articles