Wavestone

Despite security concerns, the mass migration of IT services to the cloud is an inevitable macro-trend. The value proposition is just too compelling: cloud computing is evolving into a utility.

If anything, the recent Edward Snowden saga only goes to show that regardless of tools, technology, policies and procedures, your security measures can only be as good as the people you employ to follow or enforce them.

So what message does that translate into for enterprises already worrying about security in the cloud? Some observations:

  • Private clouds are not necessarily more secure than public clouds (e.g., Amazon). Private clouds are only as secure as the people and processes supporting them.
  • A common approach to improving security is to virtualize security controls, but that in turn adds another layer of abstraction to a key component of the overall cloud environment. More abstraction means less visibility. Thus the underlying trust relationship with the provider is key.
  • Now that cloud providers have become responsible for much of the security apparatus, cloud customers should take it upon themselves to check the qualifications of the cloud providers’ security personnel: their architects, coders, operators and policy makers. The practice of “trust but verify” should apply to the vendor’s people as well as to their processes and technologies.
  • The vendor’s personnel with administrative access to the customer’s assets are a key subset that demands scrutiny for security reasons. Cloud has introduced this new tier of privileged users, whose oversight and even hiring should be monitored as if they were in-house personnel.
  • Another common approach to enhancing security is to ask the cloud provider to contribute more to security monitoring processes and to make SIEM (Security Information and Event Management) data more available. But that still means the customer should inquire about the provider’s handling of the logging and execution of their monitoring processes.
  • At the very front end of the provisioning process, risk prevention means careful screening of workloads before deciding whether they are appropriate for migration to the cloud (mission-critical or sensitive data workloads demand more isolation). But isolation can never substitute for people’s compliance. So it still boils down to the people.
  • Finally, self-provisioning means governance and training are critical before end users are empowered and set loose to decide for themselves or to gain access to the cloud.

While technology is a very important component, managing the people component is just as, if not more, vital to security.
