Tips: Six steps to improve the security of enterprise cloud computing

Source: Internet
Author: User
Keywords: security, cloud computing, steps

As consumers of cloud computing, companies can do a great deal to improve its security. In fact, protecting corporate information in the cloud is really the enterprise's responsibility. In the event of a security breach, it is the enterprise that is held responsible, at least for the time being.

Companies, as cloud computing consumers, must strive to improve the security of cloud computing. Most discussions of cloud computing security focus on what cloud providers should do. The data and application services reside with the provider. But businesses need to keep in mind that they bear a large share, and in some cases the largest share, of the responsibility for cloud computing security. Companies must never forget that they will face most of the blame if a security breach takes place. The enterprise is, after all, the entity that collects the data.

Cloud computing security is best seen as a shared responsibility between cloud computing providers and businesses. The line between the two is currently a little blurry. Where it falls depends directly on the type of cloud computing model in use: software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS).

At one end of the spectrum, SaaS is close to a security black box, and application security activities are largely invisible to the enterprise. At the other end of the spectrum is IaaS, where the business is primarily responsible for the security of applications, data, and the other layers of the infrastructure stack.

What should companies do to improve security under a cloud computing model and position themselves to reap most of the benefits of cloud computing? Here are six steps to take:

Step one: Understand your existing internal private cloud and the security systems and processes around these resources

Yes, you already have an internal cloud. Over the past 10 years, midsize and large enterprises have built internal clouds, although they do not call them cloud computing. These internal clouds are often referred to as shared services, such as identity services, configuration services, database services, or enterprise data centers (hosted on fairly standardized hardware and operating systems).

Step two: Assess the risks and importance of many of your IT-implemented business processes

While the potential cost savings from migrating to cloud computing are relatively easy to calculate, it is not possible to work out "risk and reward" without a first-hand understanding of the risk side of the equation. Cloud computing providers cannot perform this analysis for an enterprise, because it depends entirely on the business context of each business process. Relatively high-cost applications with low service-level agreements (SLAs) are clearly the first choice for cloud computing. As part of this risk assessment, consider the potential regulatory implications, because regulators do not allow some data and services to be moved off-site, out of state, or out of the country.

Step three: Study different cloud computing models and types

Businesses need to look at the different cloud computing models (public, private, hybrid) and the different cloud types (SaaS, PaaS, and IaaS), because the differences between them bear directly on security controls and accountability.

All companies have an opinion and policy on these cloud computing approaches within their own organizational environment and their own business risk profile.

A good source of information on this issue and on other security implications of cloud computing is the recent article "Cloud Computing: Benefits, risks and information security recommendations" published by the European Network and Information Security Agency (ENISA). Legal institutions also play an important role here. Legal liability is an important part of this analysis.

Step four: Apply your SOA design and security principles to cloud computing

Most organizations have used SOA principles in their application development groups for many years. Isn't cloud computing a massive extension of SOA? Cloud computing is simply the service-oriented approach taken to its next logical step. The SOA security principle of highly distributed security implementation combined with centralized security policy management and decision-making applies directly to cloud computing. When you shift your focus from SOA to cloud computing, you don't need to reinvent anything. Just carry these principles over.

Step five: Think like a cloud provider

While most companies start out seeing themselves as cloud computing consumers, don't forget that your organization is part of a value chain: you provide services to your customers and partners. If you can strike a risk/reward balance that lets you consume cloud services profitably, why not apply the same mindset, as a cloud provider, to those entering your ecosystem? This will help your organization better understand what is happening inside the cloud computing provider.

Step six: Familiarize yourself with web security standards and start using them

The web security industry has been studying the protection and management of cross-domain systems for a long time. This work has produced many meaningful security standards that are already in use (or should be in use) to protect cloud computing. Security systems must use these standards to function in an environment connected through cloud computing. These standards include Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML), eXtensible Access Control Markup Language (XACML), and Web Services Security (WS-Security). The positive side of using SAML to push the enterprise toward a unified browser process is that you have already raised your cloud computing security IQ.

One of the most important requirements for companies seeking to improve the security of cloud computing services is to ensure that security professionals are seen as legitimate advocates of cloud computing, not as opponents and sceptics. Properly balanced, business-driven technologies can be a positive force in the risk/return dialogue and help improve the prospects for cloud computing security in your business.
