Decoding Cloud Security
Historically, security has been one of the biggest obstacles to cloud adoption. While significant improvements have been made to overcome these concerns, legitimate challenges remain which need to be tackled and addressed for responsible use of cloud reso
Cloud is the new norm, and the conversation has changed from “whether to be in the cloud”, to “when do we move there” to “how should we move and operate”? With this change, it is expected that security has to be designed for the cloud right from the time the infra and apps are moved/ implemented. Historically, security has been one of the biggest obstacles to cloud adoption. While significant improvements have been made to overcome these concerns, legitimate challenges remain which need to be tackled and addressed for responsible use of cloud resources.
Solutions to meet these challenges need a 360-degree approach – covering issues of governance & risk management, data security, user and identity and access management, infrastructure and foundation security, platform and software security, and smooth integration of all of these security components. It is therefore imperative to have a clear security strategy aligned to organization’s cloud strategy and goals combined with the threat profile and security strategy.
The cloud market has grown quite big in the country and there are several established players in the market. So, the question arises how do companies carve a niche for themselves .According to Samir Shah, Associate Partner – Cyber Security, EY, three aspects are crucial when it comes to providing a credible cloud platform. Firstly, a secure cloud ecosystem with appropriate controls to protect the confidentiality, availability and integrity of the systems and data is extremely imperative for a cloud service provider. A trusted cloud ecosystem must be designed to stand the test of time. It should provide high availability and resilience to adverse events. The third aspect is to have an audit-ready cloud ecosystem that has continuous compliance and is certified to meet specific industry regulations and legislation.
“As part of Accenture’s continued focus on adapting to emerging technologies like the Cloud, and developing expertise and innovating in these areas, the past several years have seen a steep upward trajectory with regards to both depth of cloud specific skill and sophistication of cloud security services shaped and available for clients to consume.
Accenture sees cloud as an extension of the enterprise, with the need to maintain the same minimum level of security control in the cloud as is available within the enterprise, while also accounting for the risks that are specific to the virtual extended enterprise.
From conversations with our clients’ in C-suite, we un- derstand that security has been one of the biggest obstacles to cloud adoption, and have striven to both leverage the significant improvements in native, incremental and optimal security solutions offered by cloud service providers, and add to it with deep security perspective, years of consulting and delivery experience and skill enhancements of our own to overcome these concerns, and align cloud security with business objectives,” said Muthu Raja Sankar, Managing Director, Accenture Security.
PROTECT DATA PRIVACY IN CLOUD
As we all know, virtualization and cloud go hand in hand. Organizations are increasingly moving workloads to the cloud to capitalize on virtualization benefits—but with that move comes new security requirements. Enter the vSRX Virtual Firewall, providing scalable, secure protection across private, public, and hybrid clouds.
“The vSRX offers the same features as our physical SRX Series firewalls but in a virtualized form factor for delivering security services that scale to match network demand. It offers the same features as the SRX appliance, including core firewall, robust networking, full next-gen capabilities, and automated life-cycle management. Handling speeds up to 100 Gbps, the vSRX is the industry’s fastest virtual firewall.
It supports Juniper Contrail, OpenContrail, and thirdparty software-defined networking (SDN) solutions and integrates with cloud orchestration tools such as OpenStack. Junos Space Security Director with Policy Enforcer enables automated security enforcement, giving you unified management and visibility for physical and virtual assets through a common interface,” said M Muthukuar, VP Engineering & Site Leader, Juniper Networks India.
PRIVATE CLOUD
Deployed in your private cloud, vSRX protects against the lateral spread of advanced threats between virtual machines within your network borders. It provides scalable application security for dynamic workloads and protects mission-critical applications from known and unknown threats. It supports VMware ESXi and NSX and KVM/ OpenStack (Ubuntu, Centos, Redhat) private clouds.
PUBLIC CLOUD
The vSRX Virtual Firewall helps you seamlessly extend your private cloud into public cloud environments, securely moving data and workloads with ease. As a VPN gateway, the vSRX provides remote users with safe access to their workloads. As a segmentation gateway, the
vSRX protects public-cloud workloads by blocking lateral threats using application policies that help maintain security and compliance. The vSRX is available on Amazon Web Services (AWS) Marketplace, AWS GovCloud (U.S.), Azure Government Cloud, and Microsoft Azure Marketplace through pay as you go (PAYG) or bring your own license.
Accenture offers comprehensive solutions for Cloud Data Protection Services, which spans the entire lifecycle of data protection – starting from determining the right data to migrate and balanced, identifying protective measures required to enable business growth, in any cloud model, while keeping within established risk tolerances and avoid data loss. Accenture’s Cloud Security Reference Architecture combined with the security operating model for data protection looks at the various cloud deployment models (private, hybrid, public) and service models (IaaS, PaaS, SaaS) and identifies the controls required for identification, classification, and protection. Key controls include data masking, encryption, anonymization, data access control, DLP and data masking.
HOW SHOULD A COMPANY STRENGTHEN DATA PRIVACY PRACTICES
“The cloud presents a number of security challenges, but the principles of security in the cloud are the same as any other kind of environment. There have been cybersecurity hacks, but those are not unique to the cloud. Good secu- rity is based on making sure that only authorized parties can access information, whether it’s in the cloud, inside a network, or on devices. Multifactor authentication is key, not just for the cloud but for all environments,” said Anjali Arora, SVP and Chief Product Officer, Rocket Software.
Samir Shah, Associate Partner – Cyber Security, EY sums up by saying that a company should consider following aspects for strengthening data privacy practices of the Cloud Service Provider (CSP): CSP’s ability to provide hosting options to address challenges of trans-border legal requirements with regards to data privacy. The company should have clear visibility on what the security levels are and who controls them. A company should ensure that the collateral damages are covered by the CSP on shared cloud environments such as DDOS, DOS or other APT attacks. Safe disposal or destruction of data is monitored during instances of hardware failure or termination of contracts Ability of the CSP to address challenges in maintaining a common Identity and Access Management (IAM) solution for all its customers and support the incident response processes or related requirements
Regular independent security audits for the CSP’s cloud infrastructure, applications and facilities and providing these audit reports to highlight all control gaps (e.g. Service Organization Control reports).