2013 Cloud computing security is the key to industry

Gartner predicts that by 2015, 10% of the IT Security enterprise features will be delivered via cloud computing. For cloud computing security, there is a greater tendency towards communication, web security, and remote vulnerability assessments, but in the future there will be more technologies, such as data loss protection, encryption, and authentication, to support the maturing development of cloud computing.

Cloud computing security is changing rapidly, which could affect the traditional business relationships of IT security providers with their value-added distributors. But the overall trend will drive more hosting security service providers to use cloud delivery. In addition, Gartner predicts that there will be many merger and acquisition activities related to cloud security throughout the 2013.

The federal government is implementing the so-called FedRAMP program to accommodate the deployment of external federal cloud services, which will also increase the utilization of the cloud services by federal agencies. Gartner predicts that by 2016 the public cloud infrastructure would be the subject of "key National infrastructure regulations".

Gartner points out that more and more people are using cloud computing, and the downside is that service continuity needs to be improved, and over the past few years we've seen a variety of service outages that could have a "waterfall" effect on thousands of businesses.

Gartner's prediction of IT security is not just about cloud computing and IT security. Network virtualization is in the midst of ongoing transformation, and Gartner predicts that by 2015, 20% of the VPN firewall market will be deployed as a hypervisor, rather than as a physical security device.

The fact that cloud security needs to be considered is that many service providers are still just entering the cloud market, and many of the newly established companies entering the Enterprise cloud computing market, and even some older companies, have no relevant it, data management, or security experience before. "said Jerry Owen, chief information officer of Prescient FX, an IT service provider at Illinois State in Fort Lauderdale.

"As a result, users who don't have the knowledge of cloud computing and many small and medium-sized businesses looking to buy simple cloud services will only compare system pricing and some flashy features, rather than the security, fault tolerance, and integrity of cloud computing." "Owen said.

Better list of hints for deploying cloud security

1. Understand your own and your cloud provider's infrastructure. The less you know about your vendor's settings, the more likely you are to be passive.

2. Ask your security and legal team to review the contracts signed with your cloud service provider. Confirm that it is legally binding on security assurances.

3. Study your supplier's service level agreement. Make sure that you can monitor your application and that the service provider will notify you the first time in the event of a security breach.

4. At the time of conclusion of the contract, the relevant employment policy of the supplier and the practice of employee supervision are consulted, as the malicious attacks of internal personnel often imply security risks.

5. Study security control solutions and ensure that cloud providers are in the right place for effective control. Also, learn how vendors handle violations.

6. Be aware that your business is ultimately responsible for the confidentiality and integrity of the system. If possible, perform a periodic penetration test based on cloud systems with the help of the supplier to identify vulnerabilities.

7. Deploy your own security tools, such as complex passwords, data encryption and data access management software, and integrate the cloud infrastructure.

Define a complete risk environment for all IT assets, mobile systems, applications, or data that move to cloud computing. Risk assessment includes not only cost savings or related mobile expenditures, but also the impact of potential losses and downtime, critical business systems or confidential information such as financial data and intellectual property rights may be too sensitive to be moved to publicly accessible cloud computing systems. For cloud computing providers, there is a need to be more diligent about the drawbacks of existing architectures. "Gilmour said. "While it involves a quick deployment solution, I also believe that vendors need to conduct due diligence on their customers to ensure the security and reliability of the data and resources involved."