Four steps to improving cloud security and compliance



Similar documents
Governance, Risk and Compliance Assessment

best practice guide The Three Pillars of a Secure Hybrid Cloud Environment

Cloud Readiness Consulting Services

Cloud Readiness Workshop

Flexible Cloud Services to Compete

Hybrid Wide-Area Network Application-centric, agile and end-to-end

Contact Centre Integration Assessment

How do you manage the brain of the business in a way that supports the opportunities your organisation wants to take advantage of?

I can finally afford UC without making a huge upfront investment. COO, market leader in the health care industry

Cloud Services for Microsoft

IP Trading Solutions

Big Gets Bigger, Smaller Gets Smaller

opinion piece IT Security and Compliance: They can Live Happily Ever After

Software-as-a-service Delivery: The Build vs. Buy Decision

Sustainable Solutions. Switch to future thinking

3D Workspace: a new dimension to your desktop

best practice guide BYO-What? 6 Lessons Learnt in Making Mobility Work

Dimension Data s Uptime Support Service

Private Cloud for Every Organization

opinion piece Eight Simple Steps to Effective Software Asset Management

Desktop Virtualisation Solutions. Adapting to a new reality in client computing

Dimension Data s Uptime Maintenance Service

best practice guide How to measure the real ROI of virtualisation

Managed Service for Visual Communications

Procurement and Logistics Service. Overcoming the challenges and complexities of international business

Secure Mobility Survey Report. A critical gap exists between the enterprise mobility vision and real-world implementations

best practice guide 7 Best Practices to Make Telecom Expense Management Work for Your Business

best practice guide Rise Above Unreliable Videoconferencing

Burning Dollars Top Five Trends in US Telecom Spend

best practice guide Software-as-a-service Operations: Step-by-Step Best Practices

opinion piece Fragmenting DLP assessment, implementation, and management is counter-intuitive

How To Manage An Ip Telephony Service For A Business

best practice guide Network Management How to Lose the Frustration, Not the Control

Consulting and Professional Services. Strategic, architectural, operational and implementation expertise

Security Consulting. Services Overview

Strategic, User-Driven, and Managed: The Future Of Unified Communications and Collaboration Executive Summary

Contact Centre-as-a-Service a compelling suite of best-in-class contact centre functionality, delivered via the cloud.

Dimension Data helps Unilever boost global collaboration and hit sustainability goals with innovative Videoconferencing-as-a-Service

The Future of Unified Communications & Collaboration India highlights. Key findings from a major global Dimension Data and Ovum study

white paper Strategy and Development: The Expanding Role of the Contact Centre

The Future of Unified Communications & Collaboration Canada. Key findings from a major global Dimension Data and Ovum study

Top 5 IT security trends to watch in 2015

3 Steps to Transform your Business with Next-Generation Networking

Advanced Infrastructure

The Future of Unified Communications & Collaboration South Africa. Key findings from a major global Dimension Data and Ovum study

Data Centre Relocation

EMEA BENEFITS BENCHMARKING OFFERING

Performance Optimisation

7 Demands Enterprises Must Make from Cloud Providers

The Future of Unified Communications & Collaboration France. Key findings from a major global Dimension Data and Ovum study

INSITE. Dimension Data s monitoring offering

Managed Secure Infrastructure Service

The Future of Unified Communications & Collaboration Netherlands. Key findings from a major global Dimension Data and Ovum study

DSV Air & Sea, Inc. Aerospace Sector. DSV Air & Sea, Inc. Aerospace

The Future of Unified Communications & Collaboration United Kingdom. Key findings from a major global Dimension Data and Ovum study

Dimension Data Cloud Services

Cloud Security: Developing a Secure Cloud Approach

MAUVE GROUP GLOBAL EMPLOYMENT SOLUTIONS PORTFOLIO

HIPAA security rules of engagement

Chart 1: Zambia's Major Trading Partners (Exports + Imports) Q Q Switzernd RSA Congo DR China UAE Kuwait UK Zimbabwe India Egypt Other

Foreign Taxes Paid and Foreign Source Income INTECH Global Income Managed Volatility Fund

World Consumer Income and Expenditure Patterns

Appendix 1: Full Country Rankings

FDI performance and potential rankings. Astrit Sulstarova Division on Investment and Enterprise UNCTAD

Workforce Optimisation

Global AML Resource Map Over 2000 AML professionals

The Future of Unified Communications & Collaboration Financial Services. Key findings from a major global Dimension Data and Ovum study

The Future Of Unified Communications and Collaboration is Managed. Key findings from a major global Dimension Data and Ovum study

Consolidated International Banking Statistics in Japan

Maintaining the Balance Between User Experience and Security

Bangladesh Visa fees for foreign nationals

Agenda. Company Platform Customers Partners Competitive Analysis

Cisco Global Cloud Index Supplement: Cloud Readiness Regional Details

Triple-play subscriptions to rocket to 400 mil.

BT Premium Event Call and Web Rate Card

The face of consistent global performance

Introducing GlobalStar Travel Management

best practice guide 8 Considerations for an Energy-efficient Data Centre

360 o View of. Global Immigration

Enterprise Mobility Suite (EMS) Overview

Transcription:

white paper Four steps to improving cloud security and compliance Despite the widespread proliferation of cloud computing, IT decision makers still express major concerns about security, compliance, and risk management. Nearly 50% of respondents to the 2014 Future of Cloud Computing Survey cited security as the No. 1 concern that would inhibit deployments. The next two greatest inhibitors were privacy and compliance, each cited by more than 30% of the 1,358 respondents. 1 There are a number of ways that organisations can improve their level of comfort in working with a cloud services provider, whether for hybrid cloud, Infrastructure as a Service, Platform as a Service, or other types of deployments. Companies can be far more circumspect in examining the security capabilities of their cloud services providers, and they can insist on the highest levels of certification, such as ISO 27001. 1 2014 Future of Cloud Computing, GigaOm, North Bridge Investment Partners, et al, June 2014

But just focusing on your cloud supplier and its certifications won t be enough to ensure your comfort and protection. There are many examples of companies doing the utmost in due diligence and certification compliance, yet they still suffer from attacks and data breaches with serious consequences. The reality is that each company is ultimately responsible for protecting its own data and brand, so it must assume a good portion of the responsibility and control of security and compliance in dealing with cloud providers. Simply put: You should not fully outsource your cloud security. At the very least, you should consider security and compliance to be a shared responsibility with cloud providers, and you should ensure that your organisation is accountable and actively engaged in defining policy and processes, with proper reporting to provide the oversight to reduce risk. A good way forward is to ensure that the cloud provider understands your strategic requirements for applications and workloads, and how you plan to govern policy and process to reduce risk. The best approach to ensuring security and compliance with regulatory requirements is a collaborative partnership. What does it take to ensure a collaborative and strategic approach to security governance, risk management, and compliance in the cloud? The following are four of the most important steps your organisation can take: Step No. 1: Conduct an internal assessment Loss of control and lack of visibility are two of the primary concerns that organisations express most often in moving to a cloud-based platform. But the challenges typically start internally, without clearly defined controls and visibility within the organisation. Dimension Data has worked with a wide range of companies deploying the full gamut of cloud models. One of the lessons we ve learned is that there is a wide gap between mature organisations with well-defined policies and processes related to acceptable risk, versus companies that are less mature in their approach. Companies without processes and policies have more work to do before they can confidently address challenges of securing data and applications in the cloud. As an organisation, you can begin to address these challenges by assessing what you are doing, why you are doing it, what kinds of challenges you anticipate, and what outcomes you expect. You must understand not only what you are doing, but also the context of why you are doing it. In using cloud services, key questions to ask of your organisation are: What is the business rationale for selecting cloud as a delivery model for specific applications and workloads? Which services will be placed in the cloud, and what are the expected outcomes? Has the organisation done a thorough cost analysis, does it know which areas of the business will be positively affected, and does it have clearly defined business goals? What data is the organisation potentially exposing in the applications moving to the cloud? Assuming the reward outweighs the risk, what can be done to mitigate risk? As the organisation adopts new technologies, such as the Internet of things, big data analytics, or mobility, how much risk is the business willing to assume to derive the associated benefits? Step No. 2: Determine your security maturity and risk appetite After the internal assessment phase, organisations have a better idea of their security maturity. The next step is to understand the risks and how much risk the organisation is willing to take. Then you are ready to work with your 02

cloud provider to eliminate or mitigate associated risks. The discovery and follow-on discussion with your cloud provider will give you a good idea of what you can expect. Here are some areas that should be explored: Compliance requirements: There are compliance requirements that apply to all businesses, ranging from financial reporting to security aspects of the specific data centres you are using. There are also industryspecific compliance requirements that address issues around data protection, such as HIPAA in healthcare or Dodd-Frank in finance. Which of these apply to the applications you are planning to move to the cloud? Business demands: Core systems and applications moving to the cloud will dictate service levels. Can you address your risk tolerance and achieve service levels required by the business? How will the cloud provider enable your organisation to meet obligations such as audits, contracts, standards, and certifications? The impact of data loss: With a thorough understanding of which data you need to protect and where you need to protect it, you can work with your cloud provider on a collaborative strategy to ensure protection at all points at rest and in transit between the data centre and the cloud, for example. The financial impact of data loss is significant: One study puts it at $145 for every lost or stolen record containing sensitive and confidential information. 2 But you also have to factor in the damage to brand reputation and customer goodwill, which can be devastating. There s strong incentive for you and the cloud provider to have an acceptable plan. Step No. 3: Choose the right cloud provider Understanding your goals, level of security maturity and appetite for risk will help you determine what to look for in a cloud provider. There are certainly enough commodity-type suppliers in the market if you are willing to take the risk and if your organisation doesn t need any help at all with your approach to governance, compliance, and risk management. However, as more production workloads move to the cloud and the applications are more complex, most organisations find that they need a cloud provider that is a partner in protection. Today, companies have 2 2014 Cost of Data Breach Study: Global Analysis, Ponemon Institute LLC, May 2014 to recognise that cloud security and compliance are shared responsibilities, and should be looking for partners than can provide: Thought leadership: You want a partner that can work closely with your organisation to understand your challenges, identify your gaps, and put in place a cloud solution that will ensure that each workload is going to be secure. People on the ground: Most organisations can benefit from having a trusted security advisor. Not all cloud providers have a team of experts to architect the right environment for missioncritical applications. Select a provider that can surround your cloud applications with custom network, storage, and security solutions. Many providers partner with hundreds of service providers, leading you to integrate and manage the different aspects of your cloud, which introduces risk into the process. Integration and security technologies/expertise: Security is an ongoing and evolving challenge. Working with a cloud partner gives you an edge in developing a long-term approach to governance, compliance, and risk management. Projects should include hardening your 03

systems, ongoing vulnerability management, and quality assurance. One other important consideration in evaluating a cloud provider: Don t be afraid to ask questions about its levels of security and infrastructure, including the security technologies it deploys, its network architectures, and its certifications for security and data centre compliance. If you don t get clear and specific answers, be suspicious. Your suppliers should be open about their own capabilities. Step No. 4: Work with your cloud provider to develop a shared responsibility matrix Once you ve selected your security partner, you can move forward together with a shared responsibility matrix. Matrices will vary depending on factors such as the cloud model (public or private); the organisation s risk profile and maturity level; and the type of applications and workloads moving to the cloud. That s why it s important to work with a partner that can deliver on the characteristics cited above: Thought leadership, broad and deep security experience, and integration experience. A shared responsibility matrix could look like this: Cloud Security Shared Responisbility IaaS PaaS SaaS CLIENT IT Applications Applications Applications CLIENT IT Data Data Data Runtime Runtime Runtime Middleware Middleware Middleware O/S O/S O/S CLOUD PROVIDER Virtualisation Virtualisation Virtualisation Servers Servers Servers Storage Storage Storage CLOUD PROVIDER CLOUD PROVIDER Networking Networking Networking 04

Recognising that success in the cloud requires a shared responsibility model, and putting together a framework and matrix to outline how that works, is a key step in forging a long-term partnership. Other key elements include: Continued evolution, by working together to adopt a strategy for governance, risk management and compliance, and conducting the necessary due diligence along the cloud journey. Increased visibility of controls to support and address your unique business requirements. Thought leadership, providing guidance based on best practices. On-site support with a physical presence and bespoke solutions. Taking the next step Cloud computing presents a great opportunity for organisations to be more competitive, grow at a lower cost and innovate to benefit customers, employees, partners, and shareholders. More production workloads are destined for the cloud, including critical applications and core systems. Security and compliance are concerns that organisations must address if they are to feel confident in expanding their use of public, private, and hybrid cloud environments. Understanding your organisation s tolerance for risk and its vulnerabilities is key to choosing applications for the cloud. Choose cloud providers that can operate in a true sharedresponsibility model as a rule, not an exception, combined with thought leadership, on-site support, and a team of professionals to help you every step of the way. Dimension Data is one of a few cloud providers with a managed security practice, used to advising risk-conscious companies. Dimension Data is where you are, in more than 50 countries around the world. For companies moving mission-critical applications to the cloud, Dimension Data is a full service provider and the Dimension Data Cloud Surround provides storage, network, and security solutions for consistent successful outcomes. With more than 6,000 clients across all industry segments, we are hands-on experts so you can be hands-free users of cloud. 2014 TechTarget 05

MIDDLE EAST & AFRICA ALGERIA ANGOLA BOTSWANA CONGO BURUNDI DEMOCRATIC REPUBLIC OF THE CONGO GABON GHANA KENYA MALAWI MAURITIUS MOROCCO MOZAMBIQUE NAMIBIA NIGERIA RWANDA SAUDI ARABIA SOUTH AFRICA TANZANIA UGANDA UNITED ARAB EMIRATES ZAMBIA ASIA CHINA HONG KONG INDIA INDONESIA JAPAN KOREA MALAYSIA NEW ZEALAND PHILIPPINES SINGAPORE TAIWAN THAILAND VIETNAM AUSTRALIA AUSTRALIAN CAPITAL TERRITORY NEW SOUTH WALES QUEENSLAND SOUTH AUSTRALIA VICTORIA WESTERN AUSTRALIA EUROPE BELGIUM CZECH REPUBLIC FRANCE GERMANY ITALY LUXEMBOURG NETHERLANDS SPAIN SWITZERLAND UNITED KINGDOM AMERICAS BRAZIL CANADA CHILE MEXICO UNITED STATES For contact details in your region please visit www.dimensiondata.com/globalpresence www.dimensiondata.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information