Public Company Accounting Reform and Investor Protection Act

Compliance Journal



Cloud Computing Security Needs: 7 Steps to Migrate to the Cloud

In 2008, the size of the cloud computing industry was $46 Billion. That is more than the GDP of Costa Rica! Think it’s a lot? Ready to jump on the cloud security bandwagon? That was 2008!

In 2014, the size of the cloud computing industry has more than tripled to $150 Billion – almost the GDP of New Zealand. NOW are you ready?

Besides the fact that everyone else is doing it, migrating to the cloud just makes good business sense. Whether you select a private cloud, a public cloud, or some hybrid of the two, cloud computing is just more powerful than traditional datacenters. There are several reasons for this. First, the reduced capital costs of IT infrastructure – no need for hardware, software, and manpower (and training) to manage them. Also, there is the improved accessibility, effectiveness, flexibility and scalability of the cloud.

But with great power comes great responsibility.

When migrating your business data to the cloud, you must ensure the safety and privacy of your records.

Just as data security was your responsibility in the datacenter, it continues to be your responsibility in the cloud. But if you don’t know where your data is physically located, can you still ensure its confidentiality?

Cloud Computing Security Needs

To ensure the transition is a safe one, migrating to the cloud means meeting some special cloud computing security needs. Because the walls of the datacenter are no longer there to protect your data in the cloud, there are seven best practices to follow that will ensure your safety.

1. Understand which business data is migrating to the cloud

Do you post pictures on Facebook? Ever made an online payment with Paypal? How many messages are in your Gmail inbox?

Guess what? You already have sensitive information in the cloud.

But your business data requires more security than pictures of your pet on Instagram or a Happy Birthday email to Grandma.

Some businesses are regulated by standards like HIPAA for healthcare, PCI DSS for financial transactions, or SOX for publicly traded companies. These regulations specify what kind of sensitive information must be protected (and how to protect it) in the cloud.

If your industry is not regulated, just ask yourself – would you want your data available to hackers, competitors, and government entities?

The kind of data that you do not want them to have is the kind of data that needs strong cloud security.

2. Understand the responsibilities of cloud providers

You will likely be using a cloud service provider to store your data in the cloud. Make sure you read the policies in their contract, terms of service, and privacy policies.

For example, what kind of hardware and software is in place to protect you? Firewalls? Antivirus? Does everything get automatically updated regularly?
Has there ever been a breach?
How are cloud providers’ employees screened? Who will have access to your data?
How does the cloud provider handle subpoenas for your data? Requests from government agencies?
What happens to your data after you discontinue your agreement with the cloud provider?

There are no right or wrong answers to these questions, but the answers you are given will help you realize that you must protect your own data and cannot rely on anyone else to do it for you.

3. Encrypt your data

Once you have a firm grasp on the concept that you should enact a Zero Trust Policy with regard to the data you store in the cloud, you will realize that you must use the strongest possible encryption to protect it.

Encrypted properly, your data, even if stolen or misplaced, cannot be used…

4. Split the encryption key

Your encrypted data cannot be maliciously used, unless, of course, your encryption key is stolen or misplaced too.

The only way to truly protect yourself from this scenario is to maintain control of your encryption keys. And the only way to maintain such control in the cloud is with split key encryption.

When you control your own key, no one else can access your data.

5. Encrypt the key

No one else can access your data, of course, unless they steal your key while you are using it.
Even when you split the encryption key, you will still need to use both parts to access your data store. So how do you make sure that the key cannot be stolen while it is in use in the cloud?

Use homomorphic key management to encrypt the encryption key. This way, even while it is in use, it never appears in the cloud in its unencrypted state and cannot be compromised while in use.
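Steps 4 and 5 as an added sketch, not code from the original post or from Porticor: a 2-of-2 XOR split of a data-encryption key, showing that one share alone is consistent with every possible key and that recombining puts the full key in memory. The XOR scheme, the share names and the key check value are assumptions for illustration; the post does not say how its split is implemented, and homomorphic key management is not shown.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit data-encryption key (assumed size)


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_check_value(key):
    """Short keyed fingerprint used to confirm a recombined key is the right one."""
    return hmac.new(key, b"key-check-v1", hashlib.sha256).hexdigest()[:16]


def split_key(key):
    """2-of-2 split: one uniformly random share, the other is key XOR that share."""
    customer_share = secrets.token_bytes(len(key))   # stays with the data owner
    provider_share = xor_bytes(key, customer_share)  # stored on the cloud side
    return customer_share, provider_share


def combine_shares(customer_share, provider_share, expected_kcv):
    key = xor_bytes(customer_share, provider_share)
    if not hmac.compare_digest(key_check_value(key), expected_kcv):
        raise ValueError("shares do not reconstruct the expected key")
    return key  # the whole key is now in memory: the exposure step 5 is about


def counterpart_for(share, candidate_key):
    """Counterpart share that makes `share` reconstruct candidate_key.
    One exists for every candidate, so a share by itself rules out no key."""
    return xor_bytes(share, candidate_key)


if __name__ == "__main__":
    data_key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    kcv = key_check_value(data_key)
    mine, theirs = split_key(data_key)
    assert combine_shares(mine, theirs, kcv) == data_key
    print("recombined key matches check value", kcv)
```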

6. Backup data and encrypt the backup

Certainly, you back up your data regularly, right?

In the cloud, you must make sure your backups are as secure as your “live” data.

Therefore, repeat steps 3-5 for your backups.

7. Prepare for the worst

Regulations demand that you prepare for the worst. Good business practice dictates the same. Before you get in the car, you make sure you are properly insured and buckle your seatbelt to prepare for the worst. When you migrate to the cloud, you encrypt your data, split the key, encrypt the key, back up your data, have a disaster recovery plan in place, and possibly even purchase a data protection insurance policy.

In regulated industries, preparing for the worst provides you a “Safe Harbor” in case of a breach, attack, or accident.

Going through these seven steps will ensure that your cloud migration is a safe one. You will be able to begin reaping the benefits of cloud computing without the associated risks of poorly managed or easily breached cloud security.

The post Cloud Computing Security Needs: 7 Steps to Migrate to the Cloud appeared first on Porticor Cloud Security.


More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st, a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.