Security Checklist for Cloud Software




I. Overview

Cloud computing has shaped the way businesses view and manage data - so much so that cloud computing terminology is ingrained into everyday business vernacular. For instance, cloud storage applications are often used as a seamless way of collaborating on and managing key data sets in an efficient and cost-effective way. But as business leaders and technology analysts look to the future of cloud software implementation on an enterprise level, there is still a growing concern over security. In fact, security has always been the primary criticism of cloud technology.

Without the facts it's easy to assume that cloud security has evolved in such a way that these concerns have subsided entirely. While it is true that cloud security has dramatically improved in recent years, this still doesn't represent the big picture. The reality is that even as organizations migrate their data to cloud-based solutions, it is incredibly difficult to measure and evaluate the security of a particular cloud application, especially if you don't know what to look for.

As for cloud growth, according to a recent Forbes article, the Ponemon Institute conducted a study of over 4,200 business and IT managers. The study revealed that enterprise cloud adoption has grown by roughly 10% from 2012. Another Ponemon survey given to nearly 800 IT professionals revealed that most organizations are not taking the proper precautions when moving their sensitive data to the cloud. The survey also indicated that roughly 54% of all respondents experienced five major data breaches that involved theft or data loss from a mobile device.

Both of these studies reveal two sides of the same coin. On one side, cloud computing - particularly cloud storage - is drastically changing how organizations are managing and housing data. On the other side is the reality that while more enterprise data is being managed in the cloud, it is becoming more susceptible to major data vulnerabilities.

In this whitepaper we will unpack eight essential components of cloud security, and how each organization should use these criteria to heavily scrutinize cloud applications before adopting them. It's important to note that while this whitepaper provides a solid framework to start from, this is by no means a comprehensive guide for every potential cloud security situation.

II. The Security Checklist

1. SSL Encryption

While cloud security is not a one-size-fits-all solution for every organization out there, SSL Encryption should be a non-negotiable component of every cloud application an organization evaluates. To the untrained eye, SSL encryption seems like an outdated and archaic approach to data security when compared to a groundbreaking technology like cloud computing. However, it still remains one of the most effective ways to ensure data remains secure in the cloud.

Essentially, SSL Encryption technology prevents unauthorized users from viewing and/or accessing data within a cloud system. Originally developed by Netscape, SSL Encryption uses a public key infrastructure. This means that when a file is uploaded into a cloud server, the file in question is encrypted with a public key. From there the file is deciphered with a private key. This ensures that only the file owners can view the data. In other words, all files are encrypted in both the downloading and uploading process.

From here it's tempting to assume that all SSL Encryption solutions are created equal. In fact, the opposite is actually true. There are certain criteria that every SSL and Certificate Authority (CA) should meet. For instance, SSLs should use independently verified CAs. This means the CA should support at least AES 128-bit encryption, but preferably should support 256-bit data encryption based on the 2028-bit global root system.

2. Uptime

Downtime is a major concern for any organization migrating data into the cloud. According to a 2012 survey by the Seagate cloud storage subsidiary Evault, roughly 54% of all IT departments experienced major data loss from downtime in the preceding 12 months. While downtime instances have improved, downtime still remains one of the main issues surrounding full-scale cloud adoption.

For better or worse, a cloud application is only as effective as its hosting provider. The cloud provider should be able to almost guarantee at least 99.9% uptime. Anything less than that is not worth the investment. Downtime is costly, not just for the cloud provider, but for any organization implementing the cloud application. Depending on the scope of the cloud application and the size of the adopting organization, downtime can cost upwards of hundreds of thousands of dollars per hour.

3. Regular Backups & Disaster Recovery

For any organization migrating massive amounts of data to a cloud provider, regular and automated backups are essential. At a bare minimum, a quality cloud provider should provide backups and data snapshots on a daily basis. Data loss due to faulty backup methods is a major area of concern for enterprise organizations migrating to the cloud. A cloud provider's backup technology should work in harmony with any future or existing disaster recovery plan set in place.

Failover and Disaster Recovery should be deeply integrated into any cloud solution. In other words, a disaster recovery plan should be in place from day one to deal with any unforeseen disaster - natural or man-made. This means that the cloud provider in question should have a clear plan for recovering and restoring lost data quickly and effectively. This often involves having trusted and verified backup vendors, as well as a clear path for quick response times to a data-related crisis.

4. Internal Audits

While not at the very top of the security list, Internal Audits are incredibly important to establishing secure cloud applications. This involves regularly auditing internal business processes, as well as accreditation (SSAE16 and SAS70, for example) and certifications of cloud applications. Additionally, a quality cloud provider should be certified under industry-accepted ISO 27001, SOC1/2 and PCI Level 1 certifications.

The bottom line is that having an audit trail in place, accounting for all user activity, mitigates risk - especially if you're in the middle of a deal. It documents who has access to specific data sets. Beyond deal management, internal audits provide an added layer of operational efficiency. They allow every administrative user to view every user's activity within the cloud application. They aid in project management by showing who is working on a specific project, and who is interested in a specific deal.

5. Strong Password Policy

One of the easiest and most effective ways to manage cloud security is through a robust password policy. This is primarily carried out on the software level. In other words, strong password policy should be encouraged and easily implemented within the cloud application. For instance, on the software side of things there should be some visual indicators of a weak, strong or passable password within the application. Any valuable cloud provider will have a strong password policy built into their applications.

6. Activity Tracking

Robust reporting is essential to managing and implementing security measures throughout a cloud-based system. Ensure that reports are easy to create and access in a way that leaves a clear audit trail of all cloud-based processes and tools. In basic terms, everything should be trackable within a quality cloud solution.

Reporting should work in tandem with any internal audits that are conducted. In fact, as data becomes increasingly larger and more complex in the cloud, every process within an application should be tracked. Not only does activity tracking help the internal audit process along, but it aids in project management, as it allows every administrative user access to critical information on data essential to closing all kinds of transactions in the cloud.

7. Administrative Control

Any organization should have deep administrative control over any cloud application they integrate. This generally means that it is easy to manage administrative accounts in a way that ensures the IT department knows exactly who has access to mission-critical data in the cloud. From here, modifying user controls should be quick and easy.

8. Avoid Java & Flash-based Cloud Applications

Lastly, avoid any cloud solution that is based on Java or Flash. First off, Java and Flash are inherently incompatible with iOS devices, which dramatically limits any organization's ability to mobilize their cloud-based data management efforts. Secondly, both Java and Flash bog down browsers, and generally require that users download endless plugins to remain compatible. Lastly, Java poses major security risks. According to a recent NBC article, Java-designed applications were responsible for well over 50% of all cyber attacks in 2012.

III. Conclusion

For many organizations, when considering all the security risks, moving data to the cloud is a scary prospect. The good news is that it does not have to be that way. Cloud applications are designed to make life easier for any organization. It all comes down to preparation for adopting a new cloud application. If the cloud application meets all of the above criteria it is definitely worth the investment.

Caplinked is at the forefront of the robust cloud security movement. With Capsafe Security, all cloud-based data is backed up and protected with cutting edge security and encryption technologies.
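
The cipher-strength criterion in checklist item 1 (AES, at least 128-bit, preferably 256-bit) can be checked mechanically. The following is an added example, not part of the original whitepaper: it grades cipher suites with Python's standard ssl module, and the function names, grade labels and SAMPLE data are assumptions constructed for illustration.

```python
import ssl


def grade(algorithm, bits):
    """Grade a cipher against item 1: AES, 128-bit minimum, 256-bit preferred."""
    if "aes" not in algorithm.lower() or bits < 128:
        # Non-AES suites (3DES, RC4, ChaCha20) fall outside the stated criterion.
        # ChaCha20 is a 256-bit cipher; accepting it is a separate policy decision.
        return "outside-criterion"
    return "preferred" if bits >= 256 else "minimum"


def grade_negotiated(cipher_tuple):
    """Grade the (name, protocol, secret_bits) tuple returned by SSLSocket.cipher()."""
    name, _protocol, bits = cipher_tuple
    return grade(name, bits)


def audit_ciphers(ciphers):
    """Group cipher dicts, shaped like SSLContext.get_ciphers() output, by grade."""
    report = {"preferred": [], "minimum": [], "outside-criterion": []}
    for c in ciphers:
        algorithm = c.get("symmetric", c["name"])
        report[grade(algorithm, c.get("strength_bits", 0))].append(c["name"])
    return report


def audit_local_defaults():
    """Audit the suites this machine's TLS library offers with default settings."""
    return audit_ciphers(ssl.create_default_context().get_ciphers())


# Constructed sample in the shape get_ciphers() returns; not captured from a real server.
SAMPLE = [
    {"name": "TLS_AES_256_GCM_SHA384", "symmetric": "aes-256-gcm", "strength_bits": 256},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "symmetric": "aes-128-gcm", "strength_bits": 128},
    {"name": "TLS_CHACHA20_POLY1305_SHA256", "symmetric": "chacha20-poly1305", "strength_bits": 256},
    {"name": "DES-CBC3-SHA", "symmetric": "des-ede3-cbc", "strength_bits": 112},
]

if __name__ == "__main__":
    for label, names in audit_ciphers(SAMPLE).items():
        print(label, names)
```

When evaluating a provider, `grade_negotiated` can be given the result of `SSLSocket.cipher()` from a connection to the provider's endpoint to see which tier was actually negotiated.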
References:
https://blog.cloudsecurityalliance.org/2011/09/30/when-it-comes-to-cloud-security-don%e2%80%99t-forget-ssl/
http://www.forbes.com/sites/joemckendrick/2013/06/29/enterprises-security-practices-not-keeping-pace-with-cloud-growth-studies-find/
http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1b7938755
http://use.caplinked.com/security/
http://www.crn.com/slide-shows/storage/240148599/6-surprising-surveys-about-causes-and-effects-of-system-downtime.htm?pgno=3bv