BREAKING NEWS: THE PRESTIGIOUS CONSULTING FIRM, ERNST & YOUNG, RECENTLY REPORTED IN ITS 2012 GLOBAL INFORMATION SECURITY SURVEY THAT CIOS ARE LEERY ABOUT THE SECURITY OF CLOUD COMPUTING SYSTEMS.
IN OTHER NEWS, WATER IS WET, THE SKY IS BLUE AND SIBLINGS FIGHT.
Trepidation over cyber security cloud computing issues is not exactly news. However, what is news is the fact that although cloud computing has been around a while, nobody has solved the concerns that surround security, identity and access management. As reported on the Big4.com blog by Michael Foster, Ernst & Young’s 2012 Global Information Security Survey showed a 31% increase in cyber security cloud incidents over the previous year. Moreover, the report found that around 33% of those surveyed said they spend in excess of $1 million per year on security.
Undoubtedly, the increased use of cloud computing, be it for accessing applications or for storage, has compounded IT cyber security cloud issues with regard to the user provisioning process, and its widespread use among even the largest of corporations has made this an enterprise risk management issue.
Cloud cyber security risk really needs to be viewed as an extension of the enterprise and, as such, should require the same access certification solution used within the enterprise to address cloud security threats. The solution lies in the form of identity and access management software and risk compliance management audit controls that ensure user account provisioning along with instantaneous accountability.
Under such a program, an organization’s "headline" items should be:
- "Encryption is Key to Network Traffic": encrypt all data before it goes over the network to public cloud storage
- "No Rest for Encrypted Data": encrypting all files — even those not traversing the network — adds a layer of due diligence as well as a necessary layer of IT cyber security cloud protection; this is particularly important if the file systems cannot be encrypted because then all the files will need to be
- "Storing Keys in the Cloud is Storing Keys in the Open": just like you really shouldn’t hide your house key under a fake rock by the front door, you shouldn’t leave the means to decrypt files stored in the public cloud in the public cloud.
- "Better Structure Means Better Security": most security violations occur due to vulnerabilities in the software; if those holes are not available, the data is harder to breach
- "Backup Early, Backup Often": even if steps are taken to ensure data in the public cloud is secure, you still need to be sure they are replicated somewhere NOT in the cloud just in case the unthinkable happens
Following these steps for cloud computing risk management compliance may not "pop off the page," but they likely will keep your organization off the front page for a highly publicized identity and access management breach in the cloud.