1. Confirm Existing Foundation control
Basic control is the core of enterprise safety concept. They contain nearly 60 security controls that protect your enterprise's most important assets. They focus on ensuring that cloud technology is applied to your business and that your operations are in compliance with security controls.
2. Focus on workload
Cloud security, corporate credit is directly related to workloads. Each workload has unique considerations, such as management factors and user dependencies. By focusing on workloads, you can develop a more targeted security plan that provides more secure coverage than traditional operations.
3. Early consensus-building
Many times cloud technology is not valued by partners. As a result, important security details can be overlooked, leading to problems with consolidation and availability. The key to successful implementation of cloud security is for project stakeholders to have a good idea of the pros and cons.
4. Implement a risk mitigation plan
Cloud deployments often involve some internal and external parties. Companies should develop a documented risk mitigation plan that allows administrators and employees to quickly handle problems in the cloud. The plan should include risk documents, responses to these risks, and should also include education and training.
5, do not forget the image management
Many cloud applications will use virtualization functionality. Enterprises should implement image storage management process to ensure that only the appropriate images are active and available. It is also important that all deployed images be properly identified and managed to prevent image expansion.
6. Conduct Safety Assessment
Cloud computing is complex. Before migrating cloud technologies, organizations should first assess the security vulnerabilities of applications and infrastructure and ensure that all security controls are in place and functioning properly. Ethical hackers are just a helper, and companies should check their cloud applications for common vulnerabilities.
7. Make full use of security services
New security services are already on the market, and in similar products it enables the enterprise to achieve optimal security without the usual overhead. For example, intrusion prevention, access and identity management, and security event Log management provide an opportunity for enterprises to abandon existing resource pressures to achieve security objectives.
8. Develop a flexible plan
As companies adopt cloud-based technologies, they should also look at their resilient needs. No technology is perfect, and so is cloud computing. Ensuring workloads, if you want to recover quickly in a disaster or attack, is a critical step. Be careful to ensure that the workload can be recovered at any time, with minimal impact on business continuity.
9, active monitoring performance
Failure to properly monitor the implementation of the cloud can result in performance satisfaction and security issues. Implement active monitoring programmes to identify any threats that might affect the success of the cloud implementation.
10. Follow the cloud lifecycle model
Security is not just a matter of time, it needs to be sustained, and the enterprise must be diligent in cloud technology management and Periodic review of security.
11. Evaluate Suppliers
To analyze the company's ability to disseminate those types of controls that are of the same type as physical security, logical security, encryption, change management and business continuity, and disaster recovery. Also, verify vendors that involve processing such as proven backup and disaster procedures.
12. Consider a hybrid security model
Mix the services provided in the cloud with the out-of-the-box services. This helps ease the pressure of data protection, privacy protection.
"Edit Recommendation"White hat on cloud security: Google driving in the forefront of the hacker dances! Cloud Security Cloud Security Web site protection system in need of understanding "Lee Ghost" rampage for Cloud security, Fang, what do you think? Cloud Security makes your cloud a timely "responsible editor: Xiao Yun TEL: (010) 68476606"