Leverage innovation to deliver agility, driving results.
Transitioning to or implementing a cloud solution or strategy can seem daunting. Which cloud solution or solutions are right for your organisation? What are the best practices for security? Are you equipped technically to accommodate the solution, and do you have the domain knowledge to manage the cloud computing solutions you implement?
The reality is that it is likely that there are departments within your organisation that have already adopted one or more Software-as-a-Service (SaaS) solutions. So how do you secure and leverage cloud computing solutions to create and adopt a successful strategy? Effective methodologies that incorporate best practices in planning, deployment and operation can help lay the foundation for your cloud solution deployment and management.
Key security and risk management concerns that are barriers to adoption of cloud computing include the following:
- Risk assessment - On which clouds and devices is my sensitive data residing?
- Governance - How do I achieve compliance (e.g., PCI) in an environment where my information and applications are distributed across many clouds?
- Managing entitlements - Who has access to my sensitive data, from which devices, and from which locations? Is this access permitted, and do I have visibility of when it is exercised?
- Devices - Are employee devices sufficiently secured to access corporate data and applications?
The key security constructs (on the basis of which security policies will be defined and enforced) are infrastructure, information, identity, and end-user devices. Residing on a combination of public clouds and on-premise virtualized infrastructure, workloads are decoupled from their underlying infrastructure. In the borderless enterprise, flexible and secure information controls require policies that use rich information classification models, federated identities, and context–based authorisation.
- CAAS – Compliance as a Service
- MSSP – Managed Security Services, leveraging cloud infrastructure and leading global vendor security analysis
- Mobility – leveraging world class solutions in the cloud to deliver agility without the overhead
- Monitoring services – comprehensive visibility into infrastructure, managed 24x7 with SLA’s
- MESS – Managed Endpoint Security as a Service
- WSS – Web Security as a Service
- AAS - Application Security as a Service
- Virtual security strategies