Five Steps to Creating a Governance Framework for Cloud Security
The cloud is your investment, your IP, your resource, and you should make sure it is protected

Cloud computing has revolutionized the way organizations around the world use technology. Many refer to 2011 as the Year of the Data Breach, and cloud computing has earned a reputation for being inherently insecure, but that stigma is simply not true. Most cloud providers have much higher security measures for their systems than even the most sophisticated IT departments can afford to deploy. The perceived lack of security comes from the mismatch between on-premise security assumptions and the expanded needs driven by the use of cloud.

Cloud computing is a significant technology trend that is set to dramatically change the nature of business. We have witnessed a recent spate of high-profile security attacks and data security breaches - from Amazon to Epsilon - and as worrisome as these incidents are, they are not as worrisome as the reputation of cloud computing being insecure. In fact, cloud computing seems to have become a scapegoat for failed security measures. On closer examination of some larger incidents, it's clear that many data breaches are a result of inadequate cloud security practices.

  • First, organizations that are currently using or considering adopting a cloud model need to treat the cloud as they would any of their assets.
  • Once you have the model, you need to apply security to it. The creation of a secure cloud environment requires the implementation of a strong governance framework.

Without a set of widely adopted cloud security standards and practices amongst the various cloud vendors, the adoption of cloud computing has created significant challenges for IT security professionals. A governance framework for cloud security is a viable way to address the challenges organizations face.

A governance framework stretches across all aspects of IT, reaches every facet of an organization and touches each employee. Creating a governance framework for cloud security is no different. It must allow the CIO and CSO to view, assess and manage all risks, security, and compliance for the cloud environment. While the Cloud Security Alliance has developed a framework of risk issues that need to be addressed in a cloud computing context, their "Security Guidance for Critical Areas of Focus in Cloud Computing" is not mandated and by no means does it ensure your own security.

A governance framework allows organizations to devise an individual security strategy with checks and balances that fit their own environment. Even when working with Managed Service Providers that claim to be secure, SLAs will only take you so far - ultimately you are responsible for your own data and auditors will be the first ones to let you know that. Security, compliance, IT and the business must be on the same page, and a governance framework for cloud security will help pave the way.

Five Steps for Implementing a Governance Framework for Cloud Security

1. Understand the Insider Threat; Set Policies to Address
This may sound trite, but it is the first step for good reason: insiders pose a tremendous threat not only through malicious behavior, but also through inadvertent changes that could ultimately cause significant damage or risk to an organization. According to Verizon's 2011 Data Breach Investigations Report, 17% of data breaches in 2010 were caused by insiders. To create a powerful cloud security platform, organizations must develop strong policies that do more than just tick a compliance box. Create awareness amongst all employees about what security means, how it can affect the organization and what they can and must do.

2. Implement a Horizontal Audit Compliance Framework
Implement an audit tool that can show where organizations are vulnerable across the board, rather than in disparate silos. In large organizations it's common for vertical business units to rarely communicate with one another. To overcome this, create a horizontal audit compliance framework that provides a view across all business units and combines the respective information streams.

3. Manage Identity and Access
IT departments need to either extend existing identity management initiatives to include the cloud or establish a process to collectively manage identities across all systems to best protect corporate data and systems.

As part of a governance framework, put a solution in place that looks beyond just the operating system to incorporate all platforms, applications and databases, and then places an access governance tool over the top.

Insider threats can be overcome by a strict Identity and Access Management solution or even an Identity as a Service (IDaaS) solution that allows IT managers to track privileged access to sensitive data and to assign or revoke these privileges. Support the identity management solution with security data logging and auditing, so that management knows who does what, where and when, and so that any changes are logged and audited sufficiently.

4. Leverage Your Security Information and Event Management Deployment
Some organizations may consider increasing security controls when moving to the cloud. If you already have a Security Information and Event Management (SIEM) solution, ensure that it can integrate data from the cloud, as well as from your identity and access management solution. This will give you a complete view of your security posture.

Lately, we see security being offered as a service (SecaaS). This could be a solution for newcomers to the cloud or organizations that cannot build such security measures themselves either due to lack of funding or internal resources.

5. Consider a Governance Framework Solution
There's no need to build a framework from scratch. There are many IT Service Management solutions or dashboards that have drill-down functionality to all IT governance, risk and compliance (GRC) and security elements. If you already have an IT Service Management solution in place, you may want to consider extending this to also include security and compliance requirements across physical, virtual and cloud environments.

Ultimately, organizations need to develop strict governance frameworks to ensure cloud infrastructure and operations are as secure - if not more secure - than traditional on-premise approaches to protect corporate data and critical systems. As hybrid on-premise cloud environments become the norm in the coming years, organizations will need a comprehensive way to protect data across this environment. Data will need to be secure regardless of where it resides and governance frameworks are a key component to ensuring a comprehensive approach to information protection.

Data breaches will continue to be highly visible and will quickly become public knowledge, particularly in light of recent SEC guidance. From lost revenue, increased expenses and fines to damaged customer relationships and corporate brand reputation, the costs associated with data breaches are significant and far-reaching. The cloud is your investment, your IP, your resource, and you should make sure it is protected as much as, if not more than, any other piece of the organization.

About Tom Cecere
A 30-year technology industry veteran, Tom Cecere is the director of Product Management for Cloud Computing products at NetIQ. Responsible throughout his career for driving Marketing, Products, Channel Development and Professional Services at Novell and previously Tally Systems, Cecere also serves on the Board of Directors for the SIIA.
