Cloud Security has been one of the top challenges reported by organizations that want to migrate to the Cloud. This is a challenge since the organization’s data may now be stored externally that can pose greater challenges to data integrity and compliance. Even though the data may be in the Cloud provider’s space, any compromises put the organization at risk. The Cloud can introduce new security risks that need to be addressed, however there are specific ways to manage the risks and leverage the benefits that Cloud has to offer and to ensure secure solutions across the Enterprise.
As part of the Cloud vendor selection, it is important to ensure a solid business presence and financial stability. If the vendor goes out of business, it’s important to make sure the organization’s data is secure and will not be lost. The vendor should provide secure service management capabilities for provisioning, updates and auditing. Prior to moving to the Cloud, an assessment of data sensitivity and compliance requirements should be one of the initial steps. Subsequently, specific vulnerabilities for the Cloud solution should be identified, documented and addressed. From an Enterprise Security perspective, policies, tools and controls should be developed for protection. There are many ways in which the security risks can be mitigated. One of the ways is to make sure that the providers have audits and certifications to ensure the security of the data. The location of the data is a common concern, if the data is needed in a specific area it is important to incorporate this aspect in the service level agreements with the vendor. Security controls at every level should be documented and addressed as part of the certification activities. For the Government, FEDRAMP is a program that supports secure cloud computing and provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.