Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Advice On Proactive Cloud Security Management

Axway : 10 March, 2010  (Technical Article)
Axway explains how passive approaches to securing the cloud will not provide enough protection and offers some guidelines on preparing for using cloud models in a secure fashion
Axway has issued its top three proactive considerations for cloud security. Cloud Computing is the CIO's second-leading technology priority, as found in Gartner's 2010 CIO Survey. As organisations consider cloud benefits, however, they also must confront related security questions as data moves between cloud and on-premise environments.

Axway has developed key cloud data security considerations to enable proactive control of data security as IT processes move to the cloud:

* Revisit Cloud Security Expectations - Organisations must have the same expectations for data security in the cloud as for on-premise and expect vendors to work with them to meet these expectations. Cloud security strategies to date have remained passive, largely consisting of directing organisations to ask questions of cloud providers about how they secure access to data. Moreover, cloud providers often overlook internal data security, rather focusing merely on perimeter and data centre security.

* Make use of On-Premise "Command and Control" - Many cloud vendors only provide vague assurances of data centre perimeter security, but offer no guarantees on who can access sensitive customer data. This means enterprises must be able to extend their internal access control and data loss prevention policies to cloud applications. Key considerations include:

- What type of information will be exposed in the cloud? Who can access it and how is it segregated between unsecured parties?
- Who has rights to send and receive sensitive information outside the organisation?
- What data should be prevented from leaving the organisation to begin with?
- How should data be sent? In the clear? Or with policies to encrypt specific data?

* Consider 'Private Cloud' Models - Multi-tenant cloud applications can be inexpensive but do not assure the segregation of data, or the visibility required for corporate governance and regulatory compliance. Private, single tenant applications in the cloud can still offer many of the advantages of cloud computing, while limiting the security risk.

"Enterprises have spent years establishing effective internal security, but the rapid shift to cloud-based applications raises many challenges," said Taher Elgamal, chief security officer at Axway. "Axway is leading the industry's thinking on extending on-premise data security controls to the cloud, enabling enterprises to rest easier as their business interaction networks move to take advantage of cloud computing's advantages."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo