Cloud security threats, tips and best practices
by Mirko Zorz - Tuesday, 8 July 2014.
What security best practices should an organization implement when moving to the cloud?

It’s extremely important that you provide protection for the entire application stack running on virtual machines – throughout the system, network and application levels. Relatively few security vendors today support cloud deployments well, so it’s important to ask the right questions beyond “can you deploy in the cloud?” How they deploy and whether they support cloud-specific use cases is much more important.

One of the biggest mistakes we see IT security teams make is to fail to prioritize the most important business or operational requirements in designing the security requirements for a given application deployment. A simple example – if your application team has a requirement for auto-scaling, then this must become the ground-floor requirement for your security toolkit as well. Otherwise, cloud deployment will move forward, but security will be left behind, which happens all too often.

How should organizations tackle security risk management when considering cloud service providers?

One of the first steps is choosing a cloud provider that offers the style of service that fits your business. For some businesses who prefer control and have the expertise to manage their own environment, cloud providers like Amazon or Azure have security partners with the capability to extend their own services dynamically for customers of those cloud providers. For businesses that need better support and an ability to outsource management of the entire application environment, a cloud provider with deep roots in managed hosting, such as Rackspace or Datapipe, might be a better choice. There are security options available in each of these cloud environments, but even the best security capabilities are ineffective if you can’t deploy and manage them.

Spotlight

Cloned, booby-trapped Dark Web sites steal bitcoins, login credentials

Apart from being a way for dissidents and journalists to do their business without being spotted and identified by "the powers that be", the Dark Web is also a place where criminals sell and buy illegal wares and services and, apparently, where they also get robbed by scammers.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Jul 3rd
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //