Jun 25 2021
There are many factors to considered when selecting a public cloud provider, but 56% in a recent survey said security concerns had the most significant influence during the selection process for public cloud providers, IT services management company Ensono said.
Above: Ensono Cloud Clarity Report uncovered several areas that significantly influenced buying decisions.
Ensono: Security is a key factor when choosing a public cloud provider
Apr 01 2021
New research suggests the overall state of cloud security continues to improve at a time when more organizations rely on multiple cloud service providers.
A survey of 1,900 security and IT professionals published this week by the Cloud Security Alliance (CSA) in collaboration with AlgoSec, a provider of network security tools, finds only 11% of respondents said they encountered a cloud security incident in the past year. The most common problems encountered were issues with a specific cloud provider (26%), security misconfigurations (22%) and attacks such as denial-of-service exploits (20%).
When asked about the impact of the cloud outages, more than a quarter of respondents said it took more than half a day to recover.
Despite growing confidence in cloud platforms, however, security remains a major area of focus. Top areas of concern include network security (58%), lack of cloud expertise (47%), migrating workloads to the cloud (44%) and insufficient staff to manage cloud environments (32%). In all, 79% of respondents noted some kind of issue involving IT staffing.
In the report, 52% of respondents reported they employed cloud-native tools to manage security as part of their application orchestration process, with half (50%) using orchestration and configuration management tools such as Ansible, Chef and Puppet. Less than a third (29%) said they used manual processes to manage cloud security.
Less clear, though, is who within the IT organization is responsible for cloud security. More than a third (35%) said their security operations team managed cloud security, followed by the cloud team (18%) and IT operations (16%). Other teams, such as network operations, DevOps and application owners, are all below 10%, the survey found.
Mar 23 2021
The pandemic and lockdowns hit their first anniversary mark, and many companies continue to have their employees work from home for the foreseeable future. Over the past year, organizations have seen how important cloud computing is to business operations.
In fact, according to a MariaDB survey, 40% of respondents said that COVID-19 accelerated their migration to cloud, and IDC found that while cloud spending increased slightly during the early months of the pandemic, other IT-related spending decreased.
If nothing else, 2020 showed organizations the advantages of cloud services. Of course, with more cloud use, there is more cloud risk. With almost all cloud teams working remotely, there has been an uptick in security vulnerabilities and a concern that there are ongoing cloud security issues that have yet to be discovered. Organizations are migrating so quickly to the cloud that security is an afterthought, and that has consequences.
Instead, a new Deloitte study recommended, this move to the cloud should work with cybersecurity as a differentiator to gain consumer trust. “An integrated cloud cyber strategy enables organizations to use security in their transformation in a way that promotes greater consumer trust, especially in today’s digital age,” the report stated. Any migration to the cloud should take a security-first approach.
With an integrated, security-by-design cloud cybersecurity strategy, organizations can use security in digital transformation as a driver rather than as an afterthought, said Bhavin Barot, a Deloitte risk and financial advisory principal in the cyber and strategic risk practice, in an email interview. Leveraging secure design principles during a digital transformation or cloud migration helps organizations in the following ways, Barot added:
Taking a Security-First Approach to Cloud Migration
Mar 14 2021
The secret to resolving compliance and security issues before they escalate into costly audit penalties is to proactively add an automated compliance and security management system in the cloud environment. This way your company can take advantage of all the security benefits offered by the cloud provider while also managing other security aspects critical to your company’s operations while also providing an audit trail that can be used to help verify compliance.
In short, your company needs the means to detect specific issues and correct them prior to an official compliance certification audit. The top areas that auditors check are all centered on data access. That’s understandable given that Gartner predicts that “by 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.”
Cloud security automation can scale along with your workloads in cloud environments and correct compliance issues and security vulnerabilities as they occur. Your company should consider the following when selecting an Identity Access Management (IAM) product to use in cloud environments to automate corrections and ensure compliance.
Source: Cloud services and foggy compliance issues
![Cybersecurity for Executives in the Age of Cloud by [Teri Radichel]](https://m.media-amazon.com/images/I/51yWmk6hKiL.jpg)
Mar 09 2021
The sheer number of organizations moving to the cloud is staggering: we’re seeing 3-5 years-worth of business transformation happening in just months due to the pandemic. As cloud-enabled digital transformation continues to accelerate, there are a variety of concerns.
For example, the visibility of data. Organizations (and users) must assess what controls cloud services providers offer in order to understand the security risks and challenges. If data is stored unencrypted, that implies significant additional risk in a multi-tenant environment. Or what about the ability of security models to mimic dynamic behavior? Many anomaly detection and predictive “risk-scoring” algorithms look for abnormal user behavior to help identify security threats. With the sudden and dramatic shift to remote work last year, most models require significant adjustments and adaptation.
Normally, companies begin exploring the move to a cloud service provider with a detailed risk analysis assessment. This often involves examining assets, potential vulnerabilities, exploitation probabilities, anticipated breach-driven outcomes, and an in-depth evaluation of vendors’ capacity to effectively manage a hybrid solution (including authentication services, authorization, access controls, encryption capabilities, logging, incident response, reliability and uptime, etc.).
How to mitigate security risks as cloud services adoption spikes
Feb 23 2021
AWS offers multiple services around logging and monitoring. For example, you have almost certainly heard of CloudTrail and CloudWatch, but they are just the tip of the iceberg.
CloudWatch Logs is the default logging service for many AWS resources (like EC2, RDS, etc.): it captures application events and error logs, and allows to monitor and troubleshoot application performance. CloudTrail, on the other hand, works at a lower level, monitoring API calls for various AWS services.
Although listing (and describing) all services made available by AWS is out of scope for this blog post, there are a few brilliant resources which tackle this exact problem:
In the remainder of this section I’ll provide a summary of the main services we will need to design our security logging platform. Before doing so, though, it might be helpful having a high-level overview of how these services communicate (special thanks to Scott Piper for the original idea)
Source: Security Logging in Cloud Environments – AWS
Jan 24 2019
More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.
Source: Security is the no. 1 IT barrier to cloud and SaaS adoption
Jan 22 2010
What is Cloud Computing and does it provide more protection to your business?
Cloud Computing will bring many benefits to organisations, some of which include reducing operating costs, reducing power consumption and freeing you up to focus on your core business.
The concept of shifting computing to a shared service provider is not new. What may be new is that the cost of Cloud Computing is falling so dramatically that considering outsourcing to the Cloud is no longer rare, and it is now accessible enough that any individual or organisation can use it to their advantage.
Above the Clouds: Managing Risk in the World of Cloud Computing
For Cloud Computing to be a viable option, you need to be confident that your business information will be secure and that the service you offer to your customers will still be reliable. So if you want to adopt a Cloud Computing strategy, you need to make sure you carry out due diligence on the service provider before you entrust this firm with your vital data. However, the author challenges the assumption that Cloud Computing will offer less protection to your data than relying on an in-house server. Buy Now!>
Cloud Computing not only allows you to make economies of scale; it can also offer you the increased security that comes from sharing the resource. The author argues that moving over to Cloud Computing can actually help to defend your organisation from threats such as denial of service attacks, viruses and worms.
Cloud service providers will tell you that Cloud Computing is bound to be better, faster and cheaper. The reality is that before switching over to Cloud Computing, you need to think carefully about whether it will really work for your business. This book shows you what you need to do to ensure that with Cloud Computing you will continue to give the standard of service your customers require. It also offers you some valuable tips on how to choose your provider of Cloud services.
Published date: 9th February 2010.
Pre-order this book using Voucher Code: “cloud2010” to save 10%!
Sep 10 2009
De-perimeterization is a double edge sword for industry which creates scalable options for operation and huge challenges for safeguarding the assets beyond the edge. One of the major advantages for de-perimeterization is that user can access corporate information over the internet; in this situation user can access corporate data from any where, it’s hard to draw the line where the edge begins and where it ends. All you basically need a functional laptop with internet connection. On the other hand, de- perimeterization poses a great challenge due to possibility of viruses, spywares and worms spreading in your internal protected infrastructure.
In de-perimeterized environment, security attributes shall follow the data, wherever the data may go or reside.
In security architecture where firewall was considered a very effective perimeter defense has been weakens by virtualization and cloud computing. In early days of firewall defense, organization only needed to open few necessary protocols and ports to do business. Internet accessible systems were located on the DMZ and the communication was initiated from the corporate to internet. Now there are whole slew of protocols and ports which needs to be open to communicate with application in the cloud. As corporate application move out of the organization network into the cloud, the effectiveness of firewall diminished.
Defense in depth is required for additional protection of data because as new threats emerge, the firewall cannot be used as an only layer of security. The key to the security of de-perimeterization is to push security at each layer of infrastructure including application and data. Data is protected at every layer to ensure the confidentiality, integrity and availability (CIA). Various techniques can be utilized for safeguarding data including data level authentication. The idea of data level authentication is that data is encrypted with specific privileges, when the data move, those privileges are moved with the data.
Endpoint security is relevant in today’s business environment especially for laptop and mobile devices. Agents on laptops and mobile devices utilized pull/push techniques to enforce relevant security policies. Different policies are applied depending on the location of the laptop. Where security policy will ensure which resources are available and what data need to be encrypted depending on the location of the device.
When corporate application and important data reside in the cloud, SLA should be written to protect the availability of the application and confidentiality of the data. Organizations should do their own business continuity planning so they are not totally dependent on the cloud service provider. For example backup your important data or utilize remote backup services where all data stored is encrypted.
Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance
Hosted email solution
Hosted email archiving
Hosted web monitoring
Hosted online backup
![Reblog this post [with Zemanta]](https://img.zemanta.com/reblog_e.png?x-id=3a8e0883-feb2-4865-b29d-67dedeb875d5)
Jul 07 2009
Cloud Application Architectures: Building Applications and Infrastructure in the Cloud
Cloud computing is the future of the computing, which happens to provide common business applications online that run from web browser and is comprised of virtual servers located over the internet. Basic idea behind cloud computing is the accessibility of application and data from any location as long as you are connected to the internet. Cloud computing makes the laptop the most essential tool to get the job done.
For example Hosted Email (SaaS) Security provides safeguards at the Internet level, eliminating spam and malware before they reach your internal network infrastructure. The hosted email provides centralized security with built-in redundancy, failover, and business continuity, while easing network and security administration. In the hosted email software as a service the security controls are at work at the internet level. It’s about time to expand the corporate perimeter beyond firewall and one of the major benefit of cloud computing is to give organizations capability to implement security controls at internet level and eliminate threats before they reach the internal network.
An online backup service is another example of software as a service (SaaS) which provides users with an online system for backing up and storing computer files.
Cloud computing incorporates several different types of computing, including:
 software as a service (SaaS)
 platform as a service (PaaS)
 infrastructure as a service (IaaS)
It is a range of technologies that have come together to deliver scalable, tailored and virtualized IT resources and applications over the Internet.
Cloud Computing have several benefits and potential risks which you may want to know before signing a contract with a cloud vendor.
![Reblog this post [with Zemanta]](https://img.zemanta.com/reblog_e.png?x-id=e7f7ca92-d521-4be7-b5c4-dfc3282c607f)
