best practice guide The Three Pillars of a Secure Hybrid Cloud Environment



Similar documents
Governance, Risk and Compliance Assessment

How do you manage the brain of the business in a way that supports the opportunities your organisation wants to take advantage of?

Cloud Readiness Consulting Services

Cloud Readiness Workshop

Four steps to improving cloud security and compliance

Dimension Data s Uptime Support Service

Private Cloud for Every Organization

Contact Centre Integration Assessment

Hybrid Wide-Area Network Application-centric, agile and end-to-end

Sustainable Solutions. Switch to future thinking

best practice guide BYO-What? 6 Lessons Learnt in Making Mobility Work

Big Gets Bigger, Smaller Gets Smaller

Software-as-a-service Delivery: The Build vs. Buy Decision

Dimension Data s Uptime Maintenance Service

I can finally afford UC without making a huge upfront investment. COO, market leader in the health care industry

opinion piece IT Security and Compliance: They can Live Happily Ever After

Desktop Virtualisation Solutions. Adapting to a new reality in client computing

3D Workspace: a new dimension to your desktop

best practice guide How to measure the real ROI of virtualisation

Managed Service for Visual Communications

opinion piece Eight Simple Steps to Effective Software Asset Management

Cloud Services for Microsoft

IP Trading Solutions

Burning Dollars Top Five Trends in US Telecom Spend

Flexible Cloud Services to Compete

best practice guide 7 Best Practices to Make Telecom Expense Management Work for Your Business

opinion piece Fragmenting DLP assessment, implementation, and management is counter-intuitive

How To Manage An Ip Telephony Service For A Business

Procurement and Logistics Service. Overcoming the challenges and complexities of international business

INSITE. Dimension Data s monitoring offering

best practice guide Rise Above Unreliable Videoconferencing

best practice guide Software-as-a-service Operations: Step-by-Step Best Practices

best practice guide Network Management How to Lose the Frustration, Not the Control

Strategic, User-Driven, and Managed: The Future Of Unified Communications and Collaboration Executive Summary

Top 5 IT security trends to watch in 2015

Contact Centre-as-a-Service a compelling suite of best-in-class contact centre functionality, delivered via the cloud.

The Future of Unified Communications & Collaboration India highlights. Key findings from a major global Dimension Data and Ovum study

The Future of Unified Communications & Collaboration South Africa. Key findings from a major global Dimension Data and Ovum study

Secure Mobility Survey Report. A critical gap exists between the enterprise mobility vision and real-world implementations

Managed Secure Infrastructure Service

Dimension Data helps Unilever boost global collaboration and hit sustainability goals with innovative Videoconferencing-as-a-Service

Consulting and Professional Services. Strategic, architectural, operational and implementation expertise

Security Consulting. Services Overview

Advanced Infrastructure

3 Steps to Transform your Business with Next-Generation Networking

7 Demands Enterprises Must Make from Cloud Providers

The Future of Unified Communications & Collaboration France. Key findings from a major global Dimension Data and Ovum study

The Future of Unified Communications & Collaboration Netherlands. Key findings from a major global Dimension Data and Ovum study

The Future of Unified Communications & Collaboration Canada. Key findings from a major global Dimension Data and Ovum study

white paper Strategy and Development: The Expanding Role of the Contact Centre

Performance Optimisation

Data Centre Relocation

DSV Air & Sea, Inc. Aerospace Sector. DSV Air & Sea, Inc. Aerospace

The Future of Unified Communications & Collaboration United Kingdom. Key findings from a major global Dimension Data and Ovum study

EMEA BENEFITS BENCHMARKING OFFERING

Dimension Data Cloud Services

Cloud Security: Developing a Secure Cloud Approach

Maintaining the Balance Between User Experience and Security

Chart 1: Zambia's Major Trading Partners (Exports + Imports) Q Q Switzernd RSA Congo DR China UAE Kuwait UK Zimbabwe India Egypt Other

MAUVE GROUP GLOBAL EMPLOYMENT SOLUTIONS PORTFOLIO

Foreign Taxes Paid and Foreign Source Income INTECH Global Income Managed Volatility Fund

Global AML Resource Map Over 2000 AML professionals

HIPAA security rules of engagement

Workforce Optimisation

World Consumer Income and Expenditure Patterns

The Future of Unified Communications & Collaboration Financial Services. Key findings from a major global Dimension Data and Ovum study

Appendix 1: Full Country Rankings

Triple-play subscriptions to rocket to 400 mil.

FDI performance and potential rankings. Astrit Sulstarova Division on Investment and Enterprise UNCTAD

Dimension Data Hosted Private Compute-as-a-Service

Bangladesh Visa fees for foreign nationals

360 o View of. Global Immigration

Consolidated International Banking Statistics in Japan

Cisco Global Cloud Index Supplement: Cloud Readiness Regional Details

best practice guide 8 Considerations for an Energy-efficient Data Centre

The Future Of Unified Communications and Collaboration is Managed. Key findings from a major global Dimension Data and Ovum study

Dividends Tax: Summary of withholding tax rates per South African Double Taxation Agreements currently in force Version: 2 Updated:

Fall 2015 International Student Enrollment

Transcription:

best practice guide The Three Pillars of a Secure Hybrid Cloud Environment

best practice guide The Three Pillars of a Secure Hybrid Cloud Environment Introduction How sound risk management, transparency and a sharp focus on compliance lay the foundation for a hybrid cloud environment that won t compromise your business security posture. For most businesses, a move to the cloud isn t an all or nothing affair and it certainly doesn t happen overnight. Many organisations initially build a private cloud independently. As their confidence grows, they ll typically move to a hybrid model, that is, a blend of public and private cloud services. Whatever the mix of cloud services an organisation opts into, security can t be considered as an afterthought. Dimension Data security experts, Tom Gilis and Stefaan Hinderyckx, turn a critical eye to the areas where businesses may run into trouble

best practice guide The Three Pillars of a Secure Hybrid Cloud Environment Pillar 1: risk assessment and management All too often, organisations journeys to the cloud veer off course as they ve not thoroughly evaluated the impact of moving a particular asset be it a service or data to the cloud, says Gilis. At the same time, many organisations simply assume that a move to the cloud will inevitably involve greater levels of risk. What s called for is an in-depth risk assessment. Gilis believes that ideally, the assessment should include the following steps: A definition of the risks that apply to various asset(s), based on their business criticality. An assessment of the current status of each risk before it s moved to the cloud. Using this information, each risk can be accepted, mitigated, transferred or avoided. An assessment of the risk profile of each asset, assuming it has been moved to the cloud. The outcome will allow the business to compare the different level of risk associated with its current state and the desired cloud solution. Assets with higher risk profiles may be better suited to a private cloud environment. The results may even lead you to conclude that a particular business service or asset can t or shouldn t be moved to the cloud at all, explains Gilis. Interestingly, such assessments often reveal that a move to the cloud actually won t open the business up to security vulnerabilities in the ways originally assumed. Counter to popular stereotypes, security isn t necessarily always a cloud inhibitor. But success lies in gathering sound data and then managing your risks proactively. It s also important to bear in mind that a hybrid cloud environment can also include scenarios in which private clouds and applications burst out to a public cloud provider for additional capacity as required. This is something organisations may not have considered, but it represents a key benefit of a move to the cloud. However, it s important that this flexibility is considered as part of the overall risk assessment.

best practice guide The Three Pillars of a Secure Hybrid Cloud Environment Pillar 2: provider transparency The importance of clear and transparent communication on the part of cloud providers regarding the security embedded in their offerings shouldn t be underestimated. For businesses, moving to the cloud is something of a leap of faith. Cloud involves relinquishing a degree of control which means sleepless nights for security professionals. Providers would do well to share as much information as possible with prospects about their environment, offerings, controls and configurations in order to build a foundation of trust and allay any concerns, early on in the sales cycle. Hidden costs often derail cloud implementations. Here Gilis believes that businesses need to look for providers that aren t afraid to explore these as part of the negotiation process. Organisations need to factor in the costs associated with changing their processes, for example. Providers need to demonstrate that they re aware of the various risks associated with implementing a cloud strategy and put forward suggestions on how to mitigate them, based on their experiences with other clients, he says. Gilis believes that another effective way for cloud providers to gain and retain their customers trust so their customers become more comfortable in relinquishing control is to formalise the handover process. Once policies and procedures are set up, schedule weekly, monthly or quarterly meetings, reviews and audits, and thoroughly assess any areas of poor performance or concern. Providers should also be upfront about any security incidents that have occurred, and willing and able to explain how these were attended to. Hinderyckx adds that, when evaluating cloud providers, oftentimes IT security leaders aren t clear about what kinds of questions they should be asking. Dimension Data often assists clients by providing them with a list of questions that we believe they should be posing to cloud providers as part of the evaluation process, to ensure they re covering all the bases. These questions relate to nine specific technology domains: Governance: the ability of an organisation to govern and measure enterprise risk introduced by cloud. Legal issues: regulations, and requirements to protect the privacy of data, and the security of information and computer systems. Compliance and audit: maintaining and proving compliance when using the cloud. Information management and data security: managing cloud data, and responsibility for data confidentiality, integrity and availability. Portability and interoperability: the ability to move data or services from one provider to another, or bring them back in-house. Business continuity and disaster recovery: operational processes and procedures for business continuity and disaster recovery. Data centre: evaluating any elements of a provider s data centre architecture and operations that could be detrimental to ongoing services. Incident response, notification and remediation: adequate incident detection, response, notification, and remediation. Application security: securing application software running on or developed in the cloud. Encryption and key management: identifying proper encryption usage and scalable key management. Identity and access management: assessing an organisation s readiness to conduct cloud-based identity, entitlement, and access management. Virtualisation: risks associated with multi-tenancy, virtual machine isolation and co- residence, hypervisor vulnerabilities, etc. Pillar 3: policy and compliance Cloud providers need to understand that simply listing compliance certifications isn t sufficient. In line with the mantra of transparency explored in the previous point, providers should take a proactive stance to sharing their security implementations and controls. While adherence to standards and regulations should be a minimum baseline for the consideration of any provider, alone it s not enough to engender a buyer s confidence that everything it wants from a compliance perspective will be covered, says Hinderyckx. Organisations should look for providers that don t only provide proof of their certification, but can also explain how they achieve and maintain their compliance levels, what problems they ve encountered in this area and how these have been overcome. Dimension Data often assists clients by providing them with a list of questions that we believe they should be posing to cloud providers as part of the evaluation process, to ensure they re covering all the bases. CS / DDMS-1084 / 10/12 Copyright Dimension Data 2012

Middle East & Africa Asia Australia Europe Americas Algeria Angola Botswana Congo Burundi Democratic Republic of the Congo Gabon Ghana Kenya Malawi Mauritius Morocco Mozambique Namibia Nigeria Oman Rwanda Saudi Arabia South Africa Tanzania Uganda United Arab Emirates Zambia China Hong Kong India Indonesia Japan Korea Malaysia New Zealand Philippines Singapore Taiwan Thailand Vietnam Australian Capital Territory New South Wales Queensland South Australia Victoria Western Australia Belgium Czech Republic France Germany Italy Luxembourg Netherlands Spain Switzerland United Kingdom Brazil Canada Chile Mexico United States For contact details in your region please visit www.dimensiondata.com/globalpresence

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information