The IT ecosystem around the world is buzzing with a brand new term:
‘Cloud Computing.’ Increasingly, consumers and
businesses alike are harnessing computing power in the cloud.
Applications are being run on the cloud
and documents are being stored on powerful servers located in
massive data centers. The future as we see it today is in the
cloud.
Ensure your data is secure
Let’s take a step back and understand cloud computing. Cloud
computing is a technology that uses the Internet and central remote
servers to maintain data and applications. Cloud computing allows
consumers and businesses to use applications without having to
install them on premises. This makes it possible to access this
information from any computer with Internet access.
The ramifications of this are significant. Cloud computing has the
potential to offer governments, enterprises and individuals greater
choice and flexibility while spurring significant efficiency gains,
lower IT costs, as well as creating incentives and online platforms
for innovation.
Emerging cloud business models create a growing interdependence
among public and private sector entities and the people they serve.
Such organizations and their customers will become more
interdependent through the use of the cloud.
With these new dependencies come mutual expectations that platform
services and hosted applications should be secure. After all, the
data is at risk when stored in the cloud on someone else’s
hardware and at distant locations. The question for companies then
is: How can you make sure your data is secure? The need of the hour
is a cloud that is protected from cyber criminals as well as one
that serves as a transparent source of information for people across
the globe.
There is also a need to address complex compliance requirements as
new and existing services are delivered globally. Regulatory,
statutory, and industry compliance is a highly complex area because
each country has its own laws that can govern the provision and use
of online environments.
Organizations embracing the cloud should consider the following
practical points:
- A well-functioning compliance program for identities, data, and
devices is essential before adopting cloud services.
- Data classification is a key requirement for evaluating risks
and making informed decisions on whether to use cloud
computing. Low-risk data can be put into the cloud with less concern
than high-impact data, which requires stronger security and privacy
controls.
- The choice of deployment model (private, community, and public)
must be based on data classification, security and privacy
requirements, and business needs.
- Even when fully embracing cloud computing, an organization
still needs a strong internal team to manage security and
compliance requirements together with the cloud provider(s).
- Key criteria to bear in mind while evaluating a cloud service
provider are transparency, compliance controls, and
auditability.
- Organizations must implement a secure development lifecycle
methodology for applications that are hosted in the cloud. They
should evaluate the cloud provider’s compliance with a similar
process.
- Stronger credentials should replace user names and passwords as
the foundation of the access management system.
- Consideration should be given to information lifecycle controls
that would limit access to information to only authorized persons
and time frames no matter where the data originates.
- Access controls for data need to operate across organizational
boundaries—among different departments, vendors, governments,
and consumers.
- Federated access across these boundaries must be obtainable
even when a customer does not directly manage the identity and
authentication.
There is absolutely no doubt that companies across the globe are
harnessing their research efforts towards cloud computing. After
all, if an organization is able to reap the benefits of the cloud,
it would surely be on Cloud Nine.
Sanjay Bahl is Chief Security Officer at Microsoft
India