yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
Cloud Expo & Virtualization 2009 East
Smarter Business Solutions Through Dynamic Infrastructure
Smarter Insights: How the CIO Becomes a Hero Again
Windows Azure
Why VDI?
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun's Incubation Platform: Helping Startups Serve the Enterprise
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Five Steps to Creating a Governance Framework for Cloud Security
The cloud is your investment, your IP, your resource, and you should make sure it is protected

Cloud computing has revolutionized the way organizations around the world use technology. Despite the fact that many refer to 2011 as the Year of the Data Breach, and cloud computing has earned a reputation of being inherently insecure, that stigma is simply just not true. Most cloud providers have much higher security measures for their systems than even the most sophisticated IT departments can afford to deploy. The perceived lack of security comes from the mismatch between on-premise security assumptions and the expanded needs driven by the use of cloud.

Cloud computing is a significant technology trend that is set to dramatically change the nature of business. We have witnessed a recent spate of high-profile security attacks and data security breaches - from Amazon to Epsilon - and as worrisome as these incidents are, they are not as worrisome as the reputation of cloud computing being insecure. In fact, cloud computing seems to have become a scapegoat for failed security measures. On closer examination of some larger incidents, it's clear that many data breaches are a result of inadequate cloud security practices.

  • First, organizations that are currently using or considering adopting a cloud model need to treat the cloud as they would any of their assets.
  • Once you have the model, you need to apply security to it. The creation of a secure cloud environment requires the implementation of a strong governance framework.

Without a set of widely adopted cloud security standards and practices amongst the various cloud vendors, the adoption of cloud computing has created significant challenges for IT security professionals. A governance framework for cloud security is a viable solution to address these challenges organizations face.

A governance framework stretches across all aspects of IT, reaches every facet of an organization and touches each employee. Creating a governance framework for cloud security is no different. It must allow the CIO and CSO to view, assess and manage all risks, security, and compliance for the cloud environment. While the Cloud Security Alliance has developed a framework of risk issues that need to be addressed in a cloud computing context, their "Security Guidance for Critical Areas of Focus in Cloud Computing" is not mandated and by no means does it ensure your own security.

A governance framework allows organizations to devise an individual security strategy with checks and balances that fit their own environment. Even when working with Managed Service Providers that claim to be secure, SLAs will only take you so far - ultimately you are responsible for your own data and auditors will be the first ones to let you know that. Security, compliance, IT and the business must be on the same page, and a governance framework for cloud security will help pave the way.

Five Steps for Implementing a Governance Framework for Cloud Security

1. Understand the Insider Threat; Set Policies to Address
This may sound trite but it is the first step for good reason; insiders pose tremendous threat not only due to malicious behavior, but to inadvertent changes that could ultimately cause significant damage or risk to an organization. According to Verizon's 2011 Data Breach Investigations Report, 17% of data breaches in 2010 were caused by insiders. To create a powerful cloud security platform, organizations must develop strong policies that do more than just tick a compliance box. Create awareness amongst all employees about what security means, how it can affect the organization and what they can and must do.

2. Implement a Horizontal Audit Compliance Framework
Implement an audit tool that can show where organizations are vulnerable across the board, rather than in disparate silos. In large organizations it's common for vertical business units to rarely communicate with one another. To overcome this, create a horizontal audit compliance framework that provides a view across all business units and combines the respective information streams.

3. Manage Identity and Access
IT departments need to either extend existing identity management initiatives to include the cloud or establish a process to collectively manage identities across all systems to best protect corporate data and systems.

As part of a governance framework, put a solution in place that looks beyond just the operating system to incorporate all platforms, applications and databases, and then places an access governance tool over the top.

Insider threats can be overcome by a strict Identity and Access Management solution or even an IDentity as a Service (IDaaS) solution that will allows IT managers to track privileged access to sensitive data and also allows them to assign or revoke these privileges. Support the identity management solution with security data logging and auditing that allows management to know who does what, where and when, and that any changes are logged and audited sufficiently.

4. Leverage Your Security Information and Event Management Deployment
Some organizations may consider increasing security controls when moving to the cloud. If you already have a Security Information and Event Management (SIEM) solution, ensure that it can integrate data from the cloud, as well as from your identity and access management solution. This will give you a complete view of your security posture.

Lately, we see security being offered as a service (SecaaS). This could be a solution for newcomers to the cloud or organizations that cannot build such security measures themselves either due to lack of funding or internal resources.

5. Consider a Governance Framework Solution
There's no need to build a framework from scratch. There are many IT Service Management solutions or dashboards that have drill-down functionality to all IT governance, risk and compliance (GRC) and security elements. If you already have an IT Service Management solution in place, you may want to consider extending this to also include security and compliance requirements across physical, virtual and cloud environments.

Ultimately, organizations need to develop strict governance frameworks to ensure cloud infrastructure and operations are as secure - if not more secure - than traditional on-premise approaches to protect corporate data and critical systems. As hybrid on-premise cloud environments become the norm in the coming years, organizations will need a comprehensive way to protect data across this environment. Data will need to be secure regardless of where it resides and governance frameworks are a key component to ensuring a comprehensive approach to information protection.

Data breaches will continue to be highly visible and will quickly become public knowledge, particularly in light of recent SEC guidance. From lost revenue, increased expenses and fines to damaged customer relationships and corporate brand reputation, the costs associated with data breaches are significant and far-reaching. The cloud is your investment, your IP, your resource, and you should make sure it is protected as much as if not more so than any other piece of the organization.

About Tom Cecere
A 30-year technology industry veteran, Tom Cecere is the director of Product Management for Cloud Computing products at NetIQ. Responsible for throughout his career for driving Marketing, Products, Channel Development and Professional Services at Novell and previously Tally Systems, Cecere also serves on the Board of Directors for the SIIA.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Latest Cloud Developer Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions n...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructur...
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mis...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performa...
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)!

Advertise on this site! Contact advertising(at)! 201 802-3021

SYS-CON Featured Whitepapers