How can we prepare for cloud computing from a security perspective?
- Identify the data
- Classify the data
- Identify security requirements based on the criticality, regulatory requirements, local jurisdiction, etc
- Perform risk assessment
- Security awareness – educate users and business owners on the risks
- Identify client and business partner requirements on data protection
- Assign proper rights
- Identify and negotiate required SLAs
Conclusion
Cloud computing and security is one of the most talked about issues in the past year or so. Cloud computing has already happened or going to happen for most of the organizations and in some cases without the knowledge of IT. Organizations look for cost savings especially when there is a new business venture and the time to market gets very short.
Considering this, organizations should invest time in preparing for this eventuality and identify the issues beforehand and inform the management on what to check before they want to venture into cloud computing.
However, such an attempt from the cloud providers in closing the issues and identifying a common standard to deal with cloud security is limited. Off late, we are seeing more activity in this area in the form of Cloud Security Alliance, which was formed to promote the use of best practices. Another effort in this area comes in the form of Cloud Computing Incidents Database, which tracks incidents related to cloud computing.
2 comments:
Enjoyed reading it, however, you should have mentioned about virtualization
Virtualization is a whole different topic, even though cloud computing usually involved virtualization. I will cover that topic in the future
Post a Comment