Cloud Computing Strategies for the CIO
A major concern for most enterprises considering cloud computing services is security in the cloud. Relatively untested and often in their infancy, cloud providers still have to prove that they can fully protect data in a cloud computing environment. But if you're one of those organizations that has already made the cloud computing plunge, we have some expert advice that will help lock down the privacy of your systems.
This collection of tips on cloud computing security from contributor Phil Cox details how to secure your cloud services, no matter what they may be, and offers guidance on keeping your data safe from intrusion and any vulnerabilities in your underlying operating system or domain name system.
OUR TIP SERIES ON CLOUD SECURITY
Five requirements for deploying an application in a public cloud
These five requirements, one of which is the application's
data security, should be met before moving an application to the public cloud.
How to use Software as a Service securely
While the general security needs of Software
as a Service (SaaS) are taken care of by the service's provider, make sure that issues like
insecure credentials do not threaten
your system's privacy.
How to use Platform as a Service securely
Monitor and mitigate these known
vulnerabilities when working with Platform
as a Service (PaaS), including lax default application configurations and holes in Secure
Sockets Layer (SSL) protocols.
Securing IaaS operating system vulnerabilities
The number one threat to Infrastructure
as a Service (IaaS) is the weaknesses of the underlying
operating system and its services.
Dealing with IaaS remote management security threats
Using remote management options like virtual
private networks (VPN) and remote
desktops in conjunction with IaaS can lead to poor credentials, implementation flaws and other
threats
that must be mitigated.
Protecting IaaS from domain name system threats
Keep IaaS as secure as possible by understanding
and resolving any IP-related threats that stem from the domain name
system.
Securing data in the cloud
Guarantee the security of your data in the cloud by classifying and storing it under the proper
protection requirements.
Understanding cloud compliance issues
Be sure to ask the right questions when it comes to cloud computing and compliance concerns, as
moving to the cloud can impact an organization's ability to comply
with its previous regulations and standards.
Is PCI compliance attainable in a public cloud?
Can you reach PCI
DSS compliance in a public cloud? The answer is yes, but there are several cloud-related
nuances that PCI DSS
does not address. Find out the requirements you'll need to follow to stay compliant.
Intrusion detection in a cloud computing environment
Find out how intrusion
detection is performed on SaaS, PaaS and IaaS, along with whether or not your cloud computing
environment has the appropriate
intrusion detection systems necessary to detect and respond to attacks.
ABOUT THE AUTHOR:
Phil Cox is a principal consultant of SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the areas of system integration and security.
His experience includes Windows, UNIX, and IP-based networks integration, firewall design and implementation and ISO 17799 and PCI compliance. Phil frequently writes and lectures on issues dealing with heterogeneous system integration and compliance with PCI-DSS. He is the lead author of Windows 2000 Security Handbook Second Edition (Osborne McGraw-Hill) and contributing author for Windows NT/2000 Network Security (Macmillan Technical Publishing).
Phil holds a BS in Computer Science from the College of Charleston
This was first published in April 2010
Join the conversationComment
Share
Comments
Results
Contribute to the conversation