Cloud security threats, tips and best practices
by Mirko Zorz - Tuesday, 8 July 2014.
What security best practices should an organization implement when moving to the cloud?

Its extremely important that you provide protection for the entire application stack running on virtual machines throughout the system, network and application levels. Relatively few security vendors today support cloud deployments well, so its important to ask the right questions beyond can you deploy in the cloud? How they deploy and whether they support cloud-specific use cases is much more important.

One of the biggest mistakes we see IT security teams make is to fail to prioritize the most important business or operational requirements in designing the security requirements for a given application deployment. A simple example if your application team has a requirement for auto-scaling, then this must become the ground-floor requirement for your security toolkit as well. Otherwise, cloud deployment will move forward, but security will be left behind, which happens all too often.

How should organizations tackle security risk management when considering cloud service providers?

One of the first steps is choosing a cloud provider that offers the style of service that fits your business. For some businesses who prefer control and have the expertise to manage their own environment, cloud providers like Amazon or Azure have security partners with the capability to extend their own services dynamically for customers of those cloud providers. For businesses that need better support and an ability to outsource management of the entire application environment, a cloud provider with deep roots in managed hosting, such as Rackspace or Datapipe, might be a better choice. There are security options available in each of these cloud environments, but even the best security capabilities are ineffective if you cant deploy and manage them.

Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //