How to safely migrate and maintain cloud services

More and more, CIOs (Chief information Officer) and CSO (Chief Security Officer) are assigned the task of moving the core business to the cloud, at least these are the headaches and challenges for safety professionals, How to quickly form a set of security specifications that can be followed is a challenge. Another problem that has arisen is that while most businesses are already using network security specifications, these specifications are traditional third-party security vendors for traditional security, and often some are not really suitable for cloud services.

But cloud maintenance differs from traditional third-party solutions, such as security controls in the vendor-owned cloud, where security professionals are typically responsible for managing and maintaining critical security controls. For example, an enterprise, as a cloud service provider of PAAs (platform-service), is generally responsible for the security of the application itself. The PAAs cloud service provider will be responsible for supporting applications for fixed platforms and infrastructures. It is essential to have a clear picture of who is in charge of which components and the required level of security, while being flexible enough to accommodate these different service patterns.

First, you need to establish a framework:

Building the security of the cloud requires creating a rule to review, approve, and manage the cloud service provider. Here I give an example of a business:

In order to develop this framework, business, technical and security requirements need to be gathered with the relevant personnel first. It then analyzes the details of the cloud service provider's storage and handling of the data. After you have fully understood this, you can use existing enterprise security policies and standards to add additional content to match the cloud environment. The prerequisite for the formulation of the strategy to be flexible enough, in response to a number of unexpected situations can be relaxed.

Once a strategy has been developed that fully meets the Cloud security framework (Cloud), it is important to discuss how to perform effectively at the enterprise meeting, to communicate the importance of the framework and to discuss how the enterprise adjusts existing security policies to the cloud framework. Once the framework is adopted by the enterprise, it is not only the IT department, the entire business unit of the enterprise can use the business, the final enterprise all the business platform all migrate to the cloud, and this framework can unify all staff's operating specifications, thus ensuring the security and stability of enterprise data in the cloud.

Security management for cloud services:

In addition to applying the cloud security framework, enterprise IT personnel should immediately review the security of the cloud service provider, test the reliability of the cloud provider's services, and resolve the problem if a similar service outage or employee usage issues can be resolved.

Security engineers will also be in time to track the problems arising from the work, although the enterprise uses cloud services to store and process a large number of file data, but the cloud services are always unstable, timely synchronization of data to the local, and the management of these data becomes critical.

The best way to solve this problem is to work together with a cloud service provider to develop a program to review, approve, and manage. This scenario requires the cloud service provider to allow the security personnel of our enterprise to have a deep exposure to the cloud service provider's technical process so that the vendor's business can be modified by the cloud security framework. In the process of using cloud services, collect the employee's evaluation and problem to the service, also can collect the opinion through the form of the adjustment questionnaire, through the aggregated information and the cloud service provider to coordinate the communication, can solve the enterprise's demand problem, on the other hand can improve the usage experience of the cloud service provider product.

In the use of the process, timely collection of staff in the cloud security framework for the implementation of the business operation vulnerabilities to deal with, to avoid corporate sensitive data leakage.

By leveraging the knowledge you know and leveraging existing technologies, as a security professional, you can respond quickly to any business requirement while minimizing the risk of core applications to the cloud environment. This solution not only allows us to conduct timely stability reviews for cloud providers, but also provides an application to manage our own cloud services, so that our enterprise data can still be protected in the cloud from the same local.