An intertwined cloud and security IT strategy has never been more important than in this era of data breaches, as headlined in a recent InfoWeek article, “What the cloud can learn from the data-breach epidemic.”
It is crucial that enterprises build a secure cloud plan ahead of time with an understanding of risks as well as workloads. As discussed in Verizon’s “What Makes a Cloud Secure?” white paper, layered security is a cloud blueprint fundamental from the get-go. At the heart should be consistent and systematic risk management to protect workloads moving through cloud environments. Additional pressures come from the prevalence of employees using their own devices, plus millions of data collection points created by Machine-to-Machine and the Internet of Things technologies.
What is a Secure Cloud?
For some, layered security may require a shift in thinking (and infrastructure), but it is essential to head off potential issues. A secure cloud is grounded in three fundamental themes:
- Strong logical and physical controls that provide a secure base on which to build
- Governance and controls that create standardized, repeatable processes to streamline operations, help make the cloud stable and reliable, and maintain strong security for data and apps
- Outside value-added security services from vendors entrenched on the data breach front lines so enterprises can expand their security posture
Verizon just announced plans to launch a unified data protection service based on the Actifo Sky virtual appliance. Available in Q3 2015, it will provide seamless data protection across the entire cloud continuum—from the data center through private, hybrid and public cloud infrastructures.
Building a Secure Cloud
To build a secure cloud, enterprises must embrace an end-to-end strategy, reinforced by IT infrastructure and services that offer:
- Purpose-built data centers for all workloads – All cloud security starts with physical servers and the network. Sophisticated systems and redundancies must be in place to protect sensitive workloads moving from on-premises to a cloud environment and back again.
- Intelligence-driven defense solutions – It is often a stretch for internal IT to have the manpower or expertise to investigate and thwart the deluge of data breach threats and incidents. Make sure your cloud partner of choice has proven risk management services, such as Verizon’s Cyber Intelligence Center, which tracks billions of security events each month.
- Support suited to specific business needs – Specialized expertise and support is at the heart of any data protection and disaster recovery solution. Partner with cloud providers that offer service tiers that align support levels with workload demands and business needs.
In the end, a successful enterprise cloud security strategy will be most effective when backed by insights and intelligence to move from a reactive to proactive stance. Verizon's Data Breach Investigations Report helps identify the primary threats and security risks common to specific industries and the best actions to mitigate those threats. Take a look at the 2014 report and stay tuned for the 2015 DBIR, to be released in April.
