Decoding Cloud Security


Dataquest

Cloud is the new norm, and the conversation has changed from “whether to be in the cloud”, to “when do we move there” to “how should we move and operate”? With this change, it is expected that security has to be designed for the cloud right from the time the infra and apps are moved/implemented. Historically, security has been one of the biggest obstacles to cloud adoption. While significant improvements have been made to overcome these concerns, legitimate challenges remain which need to be tackled and addressed for responsible use of cloud resources.

Solutions to meet these challenges need a 360-degree approach – covering issues of governance & risk management, data security, user and identity and access management, infrastructure and foundation security, platform and software security, and smooth integration of all of these security components. It is therefore imperative to have a clear security strategy aligned to the organization’s cloud strategy and goals combined with the threat profile and security strategy.

The cloud market has grown quite big in the country and there are several established players in the market. So, the question arises: how do companies carve a niche for themselves? According to Samir Shah, Associate Partner – Cyber Security, EY, three aspects are crucial when it comes to providing a credible cloud platform. Firstly, a secure cloud ecosystem with appropriate controls to protect the confidentiality, availability and integrity of the systems and data is extremely imperative for a cloud service provider. A trusted cloud ecosystem must be designed to stand the test of time. It should provide high availability and resilience to adverse events. The third aspect is to have an audit-ready cloud ecosystem that has continuous compliance and is certified to meet specific industry regulations and legislation.

“As part of Accenture’s continued focus on adapting to emerging technologies like the Cloud, and developing expertise and innovating in these areas, the past several years have seen a steep upward trajectory with regards to both depth of cloud specific skill and sophistication of cloud security services shaped and available for clients to consume.

Accenture sees cloud as an extension of the enterprise, with the need to maintain the same minimum level of security control in the cloud as is available within the enterprise, while also accounting for the risks that are specific to the virtual extended enterprise.

From conversations with our clients in the C-suite, we understand that security has been one of the biggest obstacles to cloud adoption, and have striven to both leverage the significant improvements in native, incremental and optimal security solutions offered by cloud service providers, and add to it with deep security perspective, years of consulting and delivery experience and skill enhancements of our own to overcome these concerns, and align cloud security with business objectives,” said Muthu Raja Sankar, Managing Director, Accenture Security.

PROTECT DATA PRIVACY IN CLOUD

As we all know, virtualization and cloud go hand in hand. Organizations are increasingly moving workloads to the cloud to capitalize on virtualization benefits—but with that move comes new security requirements. Enter the vSRX Virtual Firewall, providing scalable, secure protection across private, public, and hybrid clouds.

“The vSRX offers the same features as our physical SRX Series firewalls but in a virtualized form factor for delivering security services that scale to match network demand. It offers the same features as the SRX appliance, including core firewall, robust networking, full next-gen capabilities, and automated life-cycle management. Handling speeds up to 100 Gbps, the vSRX is the industry’s fastest virtual firewall.

It supports Juniper Contrail, OpenContrail, and third-party software-defined networking (SDN) solutions and integrates with cloud orchestration tools such as OpenStack. Junos Space Security Director with Policy Enforcer enables automated security enforcement, giving you unified management and visibility for physical and virtual assets through a common interface,” said M Muthukuar, VP Engineering & Site Leader, Juniper Networks India.

PRIVATE CLOUD

Deployed in your private cloud, vSRX protects against the lateral spread of advanced threats between virtual machines within your network borders. It provides scalable application security for dynamic workloads and protects mission-critical applications from known and unknown threats. It supports VMware ESXi and NSX and KVM/OpenStack (Ubuntu, CentOS, Red Hat) private clouds.

PUBLIC CLOUD

The vSRX Virtual Firewall helps you seamlessly extend your private cloud into public cloud environments, securely moving data and workloads with ease. As a VPN gateway, the vSRX provides remote users with safe access to their workloads. As a segmentation gateway, the vSRX protects public-cloud workloads by blocking lateral threats using application policies that help maintain security and compliance. The vSRX is available on Amazon Web Services (AWS) Marketplace, AWS GovCloud (U.S.), Azure Government Cloud, and Microsoft Azure Marketplace through pay as you go (PAYG) or bring your own license.

Accenture offers comprehensive solutions for Cloud Data Protection Services, which span the entire lifecycle of data protection – starting from determining the right data to migrate and identifying the balanced protective measures required to enable business growth, in any cloud model, while keeping within established risk tolerances and avoiding data loss. Accenture’s Cloud Security Reference Architecture combined with the security operating model for data protection looks at the various cloud deployment models (private, hybrid, public) and service models (IaaS, PaaS, SaaS) and identifies the controls required for identification, classification, and protection. Key controls include data masking, encryption, anonymization, data access control and DLP.

HOW SHOULD A COMPANY STRENGTHEN DATA PRIVACY PRACTICES

“The cloud presents a number of security challenges, but the principles of security in the cloud are the same as any other kind of environment. There have been cybersecurity hacks, but those are not unique to the cloud. Good security is based on making sure that only authorized parties can access information, whether it’s in the cloud, inside a network, or on devices. Multifactor authentication is key, not just for the cloud but for all environments,” said Anjali Arora, SVP and Chief Product Officer, Rocket Software.

Samir Shah, Associate Partner – Cyber Security, EY sums up by saying that a company should consider the following aspects for strengthening data privacy practices of the Cloud Service Provider (CSP):

CSP’s ability to provide hosting options to address challenges of trans-border legal requirements with regards to data privacy.

The company should have clear visibility on what the security levels are and who controls them.

A company should ensure that the collateral damages are covered by the CSP on shared cloud environments such as DDoS, DoS or other APT attacks.

Safe disposal or destruction of data is monitored during instances of hardware failure or termination of contracts.

Ability of the CSP to address challenges in maintaining a common Identity and Access Management (IAM) solution for all its customers and support the incident response processes or related requirements.

Regular independent security audits for the CSP’s cloud infrastructure, applications and facilities and providing these audit reports to highlight all control gaps (e.g. Service Organization Control reports).
