Article

Prasenjit Saha
Prasenjit Saha 6 May 2016

Best Practices For Technology Security Infrastructure Implementation

The structure of IT infrastructure is changing and with it, its security aspects. Gartner in its ‘Top Predictions for IT Organizations and Users for 2016 and Beyond’ reveals, ‘By 2018, 50 percent of enterprises with more than 1,000 users will use cloud access security broker products to monitor and manage their use of SaaS and other forms of public cloud…’

Yet, the security of the virtualized environment and the responsibility of ensuring regulatory compliance lie with the enterprise.

So, how do enterprises ensure security control over cloud data — its collection, storage, access, usage, transfer, and disposal? How can they ensure compliance with regulatory requirements?

Best practices dictate:

Control of input and access — Opt for cloud encryption CRM gateways, firewalls, inputs of only encrypted data. In parallel, put in place strict Identity and Access Management (IAM) protocols to address possible human-related vulnerabilities. Allow only vetted, authorized personnel both within the enterprise and in the cloud service provider organization, access to the enterprise cloud data. Also, check that data collected and uploaded follows defined standards and complies with applicable laws.Enterprises that have access to highly restricted and regulated data such as CJIS (Criminal Justice Information System Database) and HITECH (Health Information Technology for Economic and Clinical Health Act) and so on have stringent regulatory requirements to safeguard data.

Control of storage — ISO 27001 is a widely accepted certification to check the security of a physical data center. Conformance would mean that business threats are assessed and managed; physical security processes such as restricted/named access are consistently enforced; and, audits are conducted regularly at each site, including tests of security and CCTV planning andmonitoring. Adhere to similar high standards in assessment, management and audit of cloud data centers as well. Enterprises that fall under regulatory data residency requirements need to ensure that their cloud service provider is not offloading storage to overseas data centers according to traffic.

Control of use and transfer — Ensure checks at all points. Data from a protected server can lose its security layer by an inadvertent unchecked transfer into an unprotected server. Track data even within a private cloud, to safeguard against data exposure to unauthorized, possibly malicious insiders. Keep access control protection of all used servers active and patched up to date. Also, ensure compliance with applicable regulations. An EU directive currently places restrictions on the export of crucial data like Personally Identifiable Information (PII) outside the European Economic Area.

Control of disposal — The problem of data remnants arises from factors like the dynamic movement of data and shared apps/platforms. While regulatory bodies like the Health Insurance Portability and Accountability Act (HIPAA) have rules for the safe disposal of their digital media, the problem of residual data on the cloud is yet unregulated. Where possible, use crypto-shredding — the destruction of the encryption protocol to ensure that the data cannot be used. Else, work with the provider to wipe free space and ensure that the SLA with the provider covers this.

With the inevitability of cloud adoption for cost and convenience, enterprises need to understand the critical nature of cloud security issues and put in place appropriate strategies to address them.

Resource: Gartner, Inc., Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond, 2015 October, accessed 2015 December, http://www.gartner.com/newsroom/id/3143718

Original Article

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 3 April 2024
Read more
The World Is Shrinking: 6 Degrees of Separation Is Now 2!

The World Is Shrinking: 6 Degrees of Separation Is Now 2!

Six degrees of separation is not just a party game, it's a reality. Everyone is the world is interconnected, and thanks to social media, that connectedness gets tighter and richer each day. See the research...

Scott Christley
Scott Christley 9 August 2017
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more
Cats and Dogs Boost Your Business By 300%. Here’s How.

Cats and Dogs Boost Your Business By 300%. Here’s How.

It’s the age-old question that has endured ever since the creation of the internet: are you a cat person or a dog person? Or do you love both cats and dogs? We have both dog lovers and cat lovers at Sortlist, so it...

Aline Strouvens
Aline Strouvens 27 August 2021
Read more