What is Cloud Computing Network Security?

Cloud computing network security controls were discussed extensively earlier in this blog. You need to be able to follow and implement best practices for all security controls.

For cloud computing network security, consider the following general guidelines:

  1. Defense in depth
  1. VLANs
  1. Access controls
  1. Secure protocol usage (that is, IPSec and TLS)
  1. IDS/IPS system deployments
  1. Firewalls
  1. Honeypots/honeynets
  1. Separation of traffic flows within the host from the guests via the use of separate virtual switches dedicated to specific traffic
  1. Zoning and masking of storage traffic
  1. Deployment of virtual security infrastructure specifically designed to secure and monitor virtual networks (that is, VMware’s vCloud Networking and Security [vCNS] or NSX products)

Log Capture and Analysis

Log data needs to be collected and analyzed both for the hosts and for the guests running on top of the hosts.

Various tools allow you to collect and consolidate log data.

Centralization and offsite storage of log data can prevent tampering provided the appropriate access controls and monitoring systems are put in place. You are responsible for understanding the needs of the organization about log capture and analysis.

You are also responsible for ensuring that the necessary toolsets and solutions are implemented so that information can be managed using best practices and standards.
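
As an added example that is not part of the original post, the following Python compares the copy held by a central collector with what is currently on each host and guest; a line the collector holds but the source no longer does points to deletion or editing at the source. The host names, log lines and function names are constructed for illustration, and both copies are assumed to cover the same time window.

```python
from collections import Counter

# Constructed sample data: what the central, offsite collector received.
CENTRAL = {
    "hv01": [
        "2024-05-01T10:00:01Z hv01 sshd[811]: Accepted publickey for admin from 10.0.0.5",
        "2024-05-01T10:02:13Z hv01 sudo: admin : COMMAND=/usr/bin/virsh destroy vm-db01",
        "2024-05-01T10:05:40Z hv01 sshd[811]: Disconnected from user admin 10.0.0.5",
    ],
    "vm-web01": [
        "2024-05-01T10:03:00Z vm-web01 sshd[402]: Failed password for root from 203.0.113.7",
    ],
    "vm-db01": [
        "2024-05-01T10:02:14Z vm-db01 systemd[1]: Stopping PostgreSQL",
    ],
}
# Constructed sample data: what is on the host (hv01) and the guests (vm-*) now.
LOCAL = {
    "hv01": [CENTRAL["hv01"][0], CENTRAL["hv01"][2]],  # one line deleted
    "vm-web01": [CENTRAL["vm-web01"][0].replace("203.0.113.7", "10.0.0.9")],  # edited
    "vm-db01": list(CENTRAL["vm-db01"]),  # untouched
}

def diff_source(central_lines, local_lines):
    """Multiset difference, so repeated identical lines are counted correctly."""
    central = Counter(line.strip() for line in central_lines)
    local = Counter(line.strip() for line in local_lines)
    return {
        "gone_from_source": sorted((central - local).elements()),
        "never_shipped": sorted((local - central).elements()),
    }

def reconcile(central, local):
    """Return only the sources whose local log disagrees with the central copy."""
    findings = {}
    for source in sorted(set(central) | set(local)):
        result = diff_source(central.get(source, []), local.get(source, []))
        if result["gone_from_source"] or result["never_shipped"]:
            findings[source] = result
    return findings

if __name__ == "__main__":
    for source, result in reconcile(CENTRAL, LOCAL).items():
        for kind, lines in result.items():
            for line in lines:
                print(f"{source}: {kind}: {line}")
```

A line reported as `never_shipped` can also mean a forwarding gap rather than tampering, so it is a prompt to check the log shipping path as well as the source.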

Cloud Network Security Plan Implementation

You must develop a detailed management plan for the cloud environment.

You are ultimately accountable for the security architecture and resiliency of the systems you design, implement and manage.

Ensure due diligence and due care are exercised in the design and implementation of all aspects of the enterprise cloud security architecture.

Further, keep abreast of changes in the vendor’s offerings that can influence the choices being made or considered about management capabilities and approaches for the cloud.

Stay informed about issues and threats that could impact the secure operation and management of the cloud infrastructure.

Also, be aware of mitigation techniques and vendor recommendations that may need to be applied or implemented within the cloud infrastructure.

Ensuring Compliance with Regulations and Controls

Effective contracting for cloud services reduces the risk of vendor lock-in, improves portability, and encourages competition. Establishing explicit, comprehensive SLAs for security, continuity of operations, and service quality is key for any organization.

There are a variety of compliance regimes, and the provider should delineate which it supports and which it does not. Compliance responsibilities of the provider and the customer should be delineated in contracts and SLAs.

The Cloud Security Alliance Cloud Controls Matrix (CSA CCM) provides a good list of the cloud computing network security controls required by different compliance bodies.

In many cases, cloud computing network security controls from one carry over to those of another.

To ensure all compliance and regulatory requirements can be met, consider the provider's and the customers' geographic locations.

Involving the organization’s legal team from the beginning when designing the cloud environment keeps the project on track and focused on the necessary compliance concerns at the appropriate times in the project cycle.

Keep in mind that there is probably a long history of project-driven compliance in one form or another within the enterprise.

The challenge is often not the need to create awareness around the importance of compliance overall, or even compliance specific to a certain business need, customer segment, or service offering.

Rather, the challenge is to translate that awareness and historical knowledge to the cloud with the appropriate context.

Often, certain agreements focusing on on-premises service provisioning may be in place but not structured appropriately to encompass a full cloud services solution.

The same may be true with some of the existing outsourcing agreements that may be in place.

In general, these agreements may be providing an acceptable level of service to internal customers or allow for the acquisition of service from an external third party but may not be structured appropriately for a full-blown cloud service to be immediately spun up on top of them.

You must identify your customer’s needs and ensure that IT and the business are aligned to support the provisioning of services and products that provide value to the customer in a secure and compliant manner.

Using an ITSM Solution

The use of an ITSM solution to drive and coordinate communication may be useful.

ITSM is needed for the cloud because the cloud is a remote environment that requires management and oversight to ensure alignment between IT and business.

An ITSM solution makes it possible to do the following:

  1. Ensure portfolio management, demand management, and financial management are all working together for efficient service delivery to customers and effective charging for services if appropriate
  1. Involve all the people and systems necessary to create alignment and ultimately success

Look to the organization’s policies and procedures for specific guidance on the mechanisms and methodologies for communication that are acceptable.

More broadly, there are many additional resources to leverage as needed, depending on the circumstance.

Considerations for Shadow IT

Shadow IT is often defined as money spent on technology to acquire services without the IT department’s dollars or knowledge.

On March 26, 2015, a survey based on research from Canopy, the Atos cloud, was released, revealing that 60 percent of chief information officers (CIOs) said that shadow IT spending was an estimated €13 million in their organizations in 2014, and that figure was expected to grow in subsequent years.

This trend highlights the need for greater IT governance to be deployed in organizations to support digital transformation initiatives.

A review of organizations’ shadow IT expenditures showed that backup needs were the primary driver, with 44 percent of respondents stating their department had invested in backup in the previous year.

Other main areas of shadow IT spending included file-sharing software (36 percent) and archiving data (33 percent).

“Surprisingly, shadow IT is being spent on back-office functions—areas which for most businesses should be centralized and carefully managed by the IT department,” said Philippe Llorens, CEO of Canopy.

“As businesses embrace digital, it is essential that the IT department not only provides the IT infrastructure and services to enable and support the digital transformation but also the governance model to maximize cost efficiencies, manage risk, and provide the business with secure IT services.”20

According to the survey, the biggest shadow IT spenders were U.S. companies, outlaying a huge €26 million per company as a proportion of their 2014 global IT budget, more than double that of companies in the UK and France, which admitted to spending €11 million and €10 million, respectively.

Firms in Germany estimated spending over four times less on shadow IT than U.S. companies.

The findings demonstrate international firms’ challenge to manage employees’ varied attitudes to shadow IT spending across countries.
