Cloud Security must remain the top objective when organizations consider moving their data over to a cloud computing platform. While cloud computing offers businesses many benefits, an organization choosing to place its intellectual property along with its customer information and corresponding emails into a cloud computing environment will also have to come to the realization that that data will be subject to other serious vulnerabilities and threats.
This article would like to focus on raising an awareness to those threats and at the same time propose some steps that an organization can take to ensure and better manage the information they decide to place in a cloud computing environment.
Cloud Security Alliance (CSA)
First a little background — The Cloud Security Alliance (CSA), is a non-profit organization whose mission is to “promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing”.
The CSA has long been assisting companies seeking guidance and direction for maintaining control of its information security elements placed in a cloud computing environment.
Just recently, the CSA published a listing of the “Treacherous 12”. These treacherous twelve are threats they believe to be the top 12 cloud computing threats facing companies and individuals in 2016.
By at least being aware of these threats, the CSA believes that companies can be better prepared to understand, review, evaluate and manage the risks present whenever they make the decision to enter the realm of cloud computing.
Some of these listed threats include topics such as data breaches, compromised credentials and broken authentication, hacked interfaces and API’s ………..and the list continues.
Click here to see the full listing.
Secure Cloud Storage
Along with these threats, secured cloud storage will also quickly become another important aspect of risk mitigation and of maintaining a secure cloud security position.
Choosing the right provider and service company that offers secure cloud storage remains a critical first step to be taken
Companies like Amazon’s AWS, Sales force, and Box stand out among several names for housing secured cloud storage. Especially in times where law enforcement agencies move to gain access to data stored on the cloud to
The Cloud Standards Customer Council (CSCC) recently outlined the following 10 steps for ways to help ensure higher levels of control and cloud computing security;
- Ensure effective governance, rick and compliance processes exist
- Audit operational & business processes
- Manage people, roles and identities
- Ensure proper protection of data and information
- Enforce Privacy policies
- Assess the security provisions for cloud applications
- Ensure cloud networks and connections are secure
- Evaluate security controls on physical infrastructure and facilities
- Manage security terms in the cloud service agreement
- Understand the security requirements of the exit process.
Click here to read the full report and details regarding the steps above.
Our staff also recommends reading some articles and postings written by Mauricio Prinzlau. Prinzlau is the CEO of Cloudwards.net, a data and user feedback driven comparison engine for cloud apps and services. He enjoys writing and producing educational videos around the cloud to help people find the best cloud service for their needs.
If your organization is considering moving over to cloud computing, please pass this information along to those internal team members evaluating that decision.
by: Nina N. Rodriguez and Ben J. Carnevale