Securing the Cloud, Your Virtual Storage ShedPosted 2013-06-18 Email Print
Security professionals must take time to research cloud providers, asking intelligent questions that will help find the best fit for their organization's needs.
Incorporating Mobile Devices
In addition, don’t forget to incorporate another growing trend—mobile devices— into your policies and security development. Although many people want to use whatever mobile devices they have—including smartphones and tablets—employers need to be cautious of the additional risk associated with the virtual storage network and these mobile devices.
On one hand, this is where the cloud is very beneficial: Users can connect any time, from anywhere, using any device. But what happens when employees use a personal cloud service to store work information? A security professional needs to be involved from the beginning, writing the correct policies and having them in place, enforcing those policies and ensuring that appropriate steps are followed in every situation by all employees.
Many companies are still coming to grips with these mobile devices, knowing that the data has to be secured on both ends. While the bring-your-own-device trend may be the wave of the future, security professionals are going to have to ensure that proper policies are written and discussed prior to moving to a BYOD environment.
Taking time to understand all the different aspects of cloud computing may be overshadowed by the final point: the need to understand the legal system and contracting. Security professionals need to understand exactly what is covered by the contract and what exactly is written in the contract with the cloud provider. They need to understand the level of security provided by the provider and be able to verify and audit the level of security to ensure that a hole has not been opened to the outside world.
In a worst-case scenario, the security professional needs to know and understand the cloud provider’s policies and practices if a security breach occurs. To make this scenario work, it is vital for the security pros to be involved in creating the contract. They need to be the ones talking with the providers, negotiating the appropriate levels of security, and ensuring they are comfortable with the information.
As with any developing trend, cloud computing has pros and cons. While there is always a chance of a security breach or loss of information (which is more likely to be prevented if your security professional is proactively involved), the benefits of cloud computing far outweigh its risks and costs.
Protecting the information you are storing in a cloud is just as important as locking a physical vault, so taking the appropriate steps to ensure you have the proper level of security that will help protect your company from breaches and losses. And those steps must include taking the time to investigate cloud providers, asking the right questions and putting together effective security policies.
Ron Woerner is the director of the M.S. Cybersecurity program at Bellevue University and has 20 years of corporate experience in IT and security. He is a certified information security professional (CISSP) and a certified ethical hacker (CEH).