INTELLIGENT BRANDS // Cloud
configuration. In addition, the number
and variety of clients has grown to
encompass tablets, mobile devices,
wearables, and IoT sensors. Or using scan-avoidance, which tracks
which files have already been scanned,
and prevents re-scanning if they have
not changed.
This creates a new set of security
challenges, particularly for east-west
traffic. Firewalls placed at the edge
of a datacenter or its virtual clone
can compromise the security of
east-west traffic, because east-west
traffic depends on static routes and
known entities, or else requires that IT
manually configure and direct the east-
west traffic to the security appliance. 4
One way to solve this is with
software-defined security, which
virtualises an enterprise’s security
infrastructure. In this approach, a
controller automatically provisions
security wherever and whenever it
is needed. The system can connect
to multiple datacenters of different
types, and works with many security
solutions. This means it works with
multiple types of cloud configurations.
Intrusion protection systems for
virtual environments are key tools
as well, and work in concert with
software-defined security.
3
Virtualisation and end
point security
Many enterprises move to the cloud
after having virtualised servers and
Compliance in the cloud
Raj Samani is Chief Technology Officer
for EMEA at Intel Security Group.
applications in their datacenter, and
may not be used to the unique security
issues posed by a cloud configuration.
Here is an example. As some enterprises
move to a private cloud, they run
traditional anti-virus products in
virtualised machines to fight malware.
But in doing so they bring those
virtualised machines to their knees,
dramatically slowing performance.
To avoid those kinds of problems,
look for security and data solutions
specifically designed for the hybrid
cloud. For anti-malware protection,
that means special techniques such as
avoiding scanning in virtual machines,
and instead using a scan appliance.
Key takeaways
• Centralise all governance related to cloud deployments where consistent
compliance policies and monitoring across all assets are undertaken
• Crafting service level agreements for the cloud can be complex
• Ensure your service level agreements are in line with your business needs
• Enterprises move to the cloud after having virtualised servers and
applications in their datacenter and may not be used to security issues posed
by cloud configuration
• Firewalls placed at the edge of a datacenter or its virtual clone can
compromise the security of east-west traffic
• In a Frost and Sullivan study more than 80% of respondents admit to using
non-approved SaaS applications in their enterprises
• Look for security and data solutions specifically designed for the hybrid cloud.
• Shadow IT makes it possible for data to be stored and processed in the cloud
without adhering to corporate security policies
• When users and departments store and share sensitive data in the cloud
without IT’s knowledge the enterprise can be exposed in many ways
www.intelligentcio.com
Compliance within the cloud can
be particularly thorny. The issue
is significant enough that 38%
of companies in a survey by the
Cloud Security Alliance said that
a major barrier to cloud adoption
is their concern about regulatory
compliance. As a starting point,
centralise all governance related to
cloud deployments where consistent
compliance policies and monitoring
across all assets are undertaken.
While the work can be outsourced,
the risk remains with the end user
organisation, therefore any compliance
requirements should be addressed
with providers before any contracts are
signed. Dwele into ways your public
and private clouds communicate, and
ensure they meet privacy, security, and
other governance regulations.
5
Inside a service level
agreement
Crafting service level agreements for
the cloud can be complex. You will need
to make sure your public-cloud service
level agreements spell out specific data
protection and security features and
guarantees. You will need to ensure
your service level agreements are in
line with your business needs. Closely
review all terms and conditions, do
not breeze by the legalese and fine
print. Consideration should be placed
on penalties should the service level
agreements not be met, with cyber
insurance as a potential option to cover
the delta between compensation and
cost of impact.
Cloud service providers are building
trust and gaining customers. Increasing
amounts of sensitive data and business-
critical processes are shifting to public
and hybrid clouds. Attackers will adapt
to this shift, continuing to look for the
easiest ways to monetise their efforts or
achieve their objectives.
INTELLIGENTCIO
37