According to industry experts, many companies also hesitate to the cloud environment in the data integrity, recovery and privacy, the rules of compliance.
At the Gartner Security and Risk Management Summit, Verizon Business offers the following tips to protect data and network security.
Evaluate your goals
When deciding to migrate your IT services to the cloud, understand what business goals you want to achieve. Typical goals include reducing the time and effort to release new applications, increasing the ability of enterprises to respond to business needs, and reducing capital investment.
Implementation pros and Cons analysis
After determining the business objectives, it is also determined whether the cloud transfer decision is appropriate for the business objectives. Consider the following questions: Where can the data be compromised? If cloud services fail, which part of the process suffers?
Give due attention to
Once the enterprise chooses the cloud model, it is necessary to select the mode to be deployed--public cloud, private cloud or mixed cloud--specific analysis, the most important is suitable for the enterprise's own needs.
Choose wisely
Choose Partners in both it and security services to deliver services through the cloud. The ability to verify its risk reduction is part of the vendor safety assessment. Choose a service provider that integrates it, security, network services, and strong performance support. Neutral Third-party agencies can provide guidance for selecting such suppliers. Cloud Services Alliance not only provides a good example of security for the use of cloud services, but also provides a list of many cooperative objects.
Protecting data
Consider the suppliers carefully. The biggest threat to cloud security is data loss and leaks, according to the Cloud Security alliance. Therefore, it is critical that vendors can effectively protect sensitive data.
Evaluate suppliers
To analyze the company's ability to disseminate those types of controls that are of the same type as physical security, logical security, encryption, change management and business continuity, and disaster recovery. Also, verify vendors that involve processing such as proven backup and disaster procedures.
Consider a hybrid security model
Mix the services provided in the cloud with the out-of-the-box services. This helps ease the pressure of data protection, privacy protection.
Attention to Obedience
If compliance is not possible, then investment in the cloud and security is not up to our expectations. In addition, many rules, such as PCI data security standards, include the promotion of company security posture, communication rules with cloud providers and compliance with suppliers.
Cloud computing has brought many tangible benefits to the enterprise, and it is obviously undesirable to refuse to use the cloud simply because of security concerns. Although security concerns do exist, we can also prescribe the right remedy and actively deploy risk management without talking about cloud color change.