How cloud security drives business agility

"Enterprise Network D1net" March 26 (compiled by Beijing)

Cloud computing is a unique opportunity to rethink enterprise security and risk management.

Cloud security has become a divisive topic in many businesses. Some people believe that cloud computing, as a business need, must keep up with rivals or become a tool for transforming the "Old World" it. Others, however, saw the cloud's daunting and dangerous security risks. For me, cloud computing is an opportunity to rethink, redesign, and implement information security and risk management to drive business agility.

Cloud Computing provides a unique change to the information management system, the adoption of automation. While most people regard automation as the cornerstone of cost savings and efficiency in cloud computing, automation is equally valuable to information security and risk management if not more. Looking at today's security issues, there is a flood of methods that are largely manual and disconnected.

1, the introduction of the business system, update faster than the security team to identify, analyze and track the speed.

2, sponsors in the design, development and operation of the implicit acceptance of a lot of risks, but only when the security and risk management, these risks will be alleviated.

3, the security policy mainly by the manual execution audit and the procedure to enforce.

4. It is untenable to extend today's information security and risk management issues to cloud computing speed, but doing so without reorganizing the corporate posture poses greater risks to the enterprise.

A successful approach combined with the refactoring of existing information security and risk management practices on cloud computing speed and scale operation Automation. The automation consists of four main components:

1, a reliable deployment of virtual systems, data-driven design of the execution engine

2, lifecycle-centric system management and operating tools

3, identify key issues and risks of automatic sensing and scanning system

4, can drive the planning, automated response and notification of the policy evaluation engine

This powerful combination of automated and refactoring information security concepts creates an environment in which the security requirements of cloud systems are encoded and enforced in a normative and positive manner.

This can be seen in an example of an enterprise that uses routine security systems and business application scans. The challenge of these scans is first to determine which systems to scan. This is often the most time-consuming process, but it is also a key factor in achieving success. Once identified, the system arranges the scans, then scans, and finally results are analyzed. The security team then communicates with the project/development/business team on issues and negotiates the schedule, risk acceptance, and extension issues.

IT security teams typically manage the entire scan process, which takes more time on the bureaucracy than on security. Because of overhead problems, these scans are usually performed when production or proximity to the production system. The scanning process is considered successful when every application or server in the enterprise scans every year.

In a cloud-centric operation, the system may run for hours or days in a row, which means that existing processes may completely miss the system. However, this gap may be mitigated by slowing cloud deployments to accommodate existing processes, a better strategy for correcting the cloud security scanning process.

For example, in agile cloud operations, a cloud management platform is aware of the systems created by each business and development team. Through automation and policy, each system is scanned at startup and reboot. Results can be automatically sent to the system owner and information Security Center. More importantly, scanning systems can be run in the early stages of system development, which makes it easier, cheaper, and quicker to make changes to the system. Further improvements are the ability to automate the separation of results into the hands of system owners who can take immediate action, as well as those that require further analysis by security experts.

By adjusting security scanners based on cloud computing, companies are able to take more agile strategies in the cloud-centric environment, move to more frequent scans, and conduct earlier, cheaper fixes. However, such gains will not be achieved without a solid foundation on the cloud management platform.

The infrastructure for deploying cloud management platform policies through rich automation can be assured that they have established governance, compliance, and configurable, automated, and enforced security. This ensures that the enterprise can operate on the basis of cloud computing speed and agility, knowing that information security is a part of the journey.