Cloud computing as consumers, companies can do many things to improve the security of cloud computing. In fact, when it comes to the protection of the cloud when the enterprise information security, this is indeed corporate responsibility. In the event of security breaches, enterprises should bear the responsibility, at least for now the case.
Enterprise - Cloud computing consumers - must strive to improve the security of cloud computing. Most of the discussion around cloud computing security, clearly focused on the cloud computing provider should do. Data and application services provider. However, companies need to remember that they bear a great, in some cases to bear the greatest responsibility for the security of cloud computing. Enterprises must never forget the event of security breaches, they will face most of the blame. Enterprise, after all, the collection of data entities.
Cloud computing security is seen as the best cloud computing providers and enterprises shared responsibility. The boundaries between the two is now a little fuzzy. This threshold depends directly on the application of the type of cloud computing model, its scope, including Software as a Service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).
One end of this range, SaaS close to a security black box application security activities for enterprises, basically invisible. The other end of this range is IaaS, business here is mainly responsible for applications, data and other infrastructure level of the security stack.
Enterprises should be done to improve the model in a cloud of security and is prepared to harvest most of the benefits of this cloud it? Here are six steps to be taken:
The first step: know your existing in-house proprietary cloud computing and security of your resume around these systems and processes
Yes. You already have an internal cloud computing. In the past 10 years, medium and large enterprises have established an internal cloud computing, even though they do not call these cloud. These internal Cloud computing is often referred to as shared services, such as identification services, configuration services, database services, or enterprise data center (in a fairly standard hardware and operating system hosted on).
The second step: the assessment of your many business processes implemented by the IT risk and the importance of
Although the move to cloud computing to achieve cost savings is easier to calculate the potential return, but no first-hand understanding of the risks of this equation, it is impossible to carry out "risk and return" calculations. Cloud computing providers can not undertake such an analysis, because it depends entirely on the business processes of the business environment. Relatively high cost of low-level service level agreement is clearly an application of choice for cloud computing. This risk assessment as part of the effort, and good regulations need to consider the potential impact, because some data and services in accordance with regulatory requirements do not allow migration to the site other than the local, state or country outside the outside.
The third step: examining different models and types of cloud computing
Enterprise cloud computing needs of different modes (public, proprietary, mixed) and different types of cloud computing (SaaS, PaaS, and IaaS), because of their differences with the control and responsibility for security has a direct relationship.
All businesses in their own institutions for the environment in the cloud computing methods, and their business has a risk prediction and policy advice.
Support this and other security implications of cloud computing as a good source of information in the European Network and Information Security Agency (ENISA) recent publication of "cloud computing: benefits, risks and information security recommendations" in this article. Legal institutions also play here an important role. Liability is an important part of this analysis.
Fourth step: turn your SOA design and safety principles to cloud computing
Most of the number of agencies has been many years in their application development organizations in using SOA principles. Cloud computing is not the massive expansion of SOA it? Service-oriented cloud computing is to take the next logical step. Highly distributed SOA security implementation of the principles of security and centralized security policy management and decision-making combined with direct application to the cloud. When you focus shift to cloud computing from the SOA, when not required to re-invent anything. Transfer of these principles put the past on the line.
Fifth step: the same as thinking like a cloud computing provider
While most enterprises are starting to cloud computing as consumers themselves, but do not forget your body is part of the value chain: you to your customers and partners to provide services. If you can achieve the risk / reward balance, enabling you to consume cloud computing services, why not apply the same thinking to themselves as eco-system into your cloud computing provider? This will help you institutions to better understand cloud computing provider of what is happening.
Sixth step: know yourself and start using the Web security standards
Web security industry has long been the protection and management of cross-domain systems. This work has produced many significant already in use (or should use) to protect the safety standards of cloud computing. Security systems must use these standards in order to connect to play a role in the field of cloud computing. These include the Security Assertion Markup Language (SAML), Service Configuration Markup Language (SPML), Extensible Access Control Markup Language (XACML), and Web Services Security (WS-Security). SAML currently used to encourage the process of enterprise unified browser positive words: you have expanded your cloud computing security intelligence.
Enterprise cloud computing services to improve the security of one of the most important requirement is to ensure that security professionals is seen as a reasonable advocate of cloud computing, rather than opponents and skeptics. Appropriate balance, business-driven technology can be a risk / reward dialogue and a positive force for their own businesses to help improve the safety of the possibility of cloud computing.