Security starts with infrastructure assessment
Security professionals are facing the difficult challenge of extending security requirements to take advantage of cloud computing and software-as-a-service applications.
Particularly difficult is finding ways to secure the new boundaries between the enterprise, the cloud service and the end user while managing dependencies on off-premise infrastructure and privileged operators. And they have to do all this without inhibiting flexibility and agility.
It’s a challenge that security professionals have to overcome when considering this.
Research firm IDC predicts that 76% of U.S. organizations will use at least one SaaS-delivered application for business use by the close of 2009. Cloud-based services adoption is being driven by the business performance benefits and realized cost efficiencies. This isn’t new for those of us in IT. Mission critical information already is handled in the cloud for companies that outsource email services or maintain customer information in CRM systems such as Salesforce.com. The challenge for security teams is to safely integrate extended cloud capabilities into corporate policies and procedures.
The best approach?
Forrester recommends the usual checklist of cloud security requirements that any enterprise would have for internally hosted applications. Authenticate users and control access to applications, tightly log and audit privileged operations, protect sensitive data to prevent loss and meet compliance mandates, and reduce risk with rigorous vulnerability management, according to Forrester. Take into account differences in the SaaS vendor’s infrastructure and business practices when evaluating the sensitivity to security. For instance, expect the cloud vendor to be replicating data between data centers for performance and business continuity and expect to have a degree of shared resources with virtualized application environments. (Source: Cloud security begins with infrastructure assessment – Search Security.com)
Click the source to read the whole thing.
Related articles by Zemanta
- There’s no escaping the cloud (theregister.co.uk)
- Developing Guidelines For Cloud Usage, Lessons From Social Media Gaffes (cloudave.com)
- Unisys Looks to Safely Move Business Apps to the Cloud (techcrunchit.com)
- Way beyond the edge and de-perimeterization (deurainfosec.com)
Posted on September 29, 2009, in Cloud computing, Cybersecurity, Security, Technology and tagged Business, Cloud computing, CloudComputing, Computer security, Consultants, Data center, General and Freelance, Salesforce.com, Security, U.S, Unisys, United States. Bookmark the permalink. Comments Off on Security starts with infrastructure assessment.