Al-Qasabi: Growing global adoption of digitization transforms trade into more efficient and reliable    89-day long winter season starts officially in Saudi Arabia on Saturday    20,159 illegal residents arrested in a week    Riyadh Season 5 draws record number of over 12 million visitors    GACA report: 928 complaints filed by passengers against airlines in November    Death toll in attack on Christmas market in Magdeburg rises to 5, with more than 200 injured Saudi Arabia had warned Germany about suspect's threatening social media posts, source says    Ukraine launches drone attacks deep into Russia, hitting Kazan in Tatarstan    Cyclone Chido leaves devastation in Mayotte as death toll rises and aid struggles to reach survivors    US halts $10 million bounty on HTS leader as Syria enters new chapter    UN Internet Governance Forum in Riyadh billed the largest ever in terms of attendance    ImpaQ 2024 concludes with a huge turnout    Salmaneyyah: Regaining national urban identity    Fury vs. Usyk: Anticipation builds ahead of Riyadh's boxing showdown    Saudi Arabia to compete in 2025 and 2027 CONCACAF Gold Cup tournaments    Marianne Jean-Baptiste on Oscars buzz for playing 'difficult' woman    Al Shabab announces departure of coach Vítor Pereira    My kids saw my pain on set, says Angelina Jolie    Saudi Arabia defeats Trinidad and Tobago 3-1 in friendly match    Legendary Indian tabla player Zakir Hussain dies at 73    Eminem sets Riyadh ablaze with unforgettable debut at MDLBEAST Soundstorm    Order vs. Morality: Lessons from New York's 1977 Blackout    India puts blockbuster Pakistani film on hold    The Vikings and the Islamic world    Filipino pilgrim's incredible evolution from an enemy of Islam to its staunch advocate    Exotic Taif Roses Simulation Performed at Taif Rose Festival    Asian shares mixed Tuesday    Weather Forecast for Tuesday    Saudi Tourism Authority Participates in Arabian Travel Market Exhibition in Dubai    Minister of Industry Announces 50 Investment Opportunities Worth over SAR 96 Billion in Machinery, Equipment Sector    HRH Crown Prince Offers Condolences to Crown Prince of Kuwait on Death of Sheikh Fawaz Salman Abdullah Al-Ali Al-Malek Al-Sabah    HRH Crown Prince Congratulates Santiago Peña on Winning Presidential Election in Paraguay    SDAIA Launches 1st Phase of 'Elevate Program' to Train 1,000 Women on Data, AI    41 Saudi Citizens and 171 Others from Brotherly and Friendly Countries Arrive in Saudi Arabia from Sudan    Saudi Arabia Hosts 1st Meeting of Arab Authorities Controlling Medicines    General Directorate of Narcotics Control Foils Attempt to Smuggle over 5 Million Amphetamine Pills    NAVI Javelins Crowned as Champions of Women's Counter-Strike: Global Offensive (CS:GO) Competitions    Saudi Karate Team Wins Four Medals in World Youth League Championship    Third Edition of FIFA Forward Program Kicks off in Riyadh    Evacuated from Sudan, 187 Nationals from Several Countries Arrive in Jeddah    SPA Documents Thajjud Prayer at Prophet's Mosque in Madinah    SFDA Recommends to Test Blood Sugar at Home Two or Three Hours after Meals    SFDA Offers Various Recommendations for Safe Food Frying    SFDA Provides Five Tips for Using Home Blood Pressure Monitor    SFDA: Instant Soup Contains Large Amounts of Salt    Mawani: New shipping service to connect Jubail Commercial Port to 11 global ports    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



KSA enterprises need a multi-layer approach to public cloud security
Published in The Saudi Gazette on 09 - 10 - 2016

SECURITY has long been the principal fear that weighs on cloud investments. While perceptions are improving, Intel Security's recent State of Cloud Adoption study found that data breaches remain the biggest concern of companies deploying Software as a Service (SaaS), Infrastructure as a Service (IaaS), and even private cloud models. A 2015 survey by Crowd Research Partners found that nine in 10 security professionals worry about cloud security.
These concerns, however, are not stopping enterprises in KSA and across the globe from investing in the cloud. The Intel Security study found that while the survey shows that confidence in cloud security is increasing, only one-third of respondents believe their senior executives understand the security risks.
Organizations need to take a protect-detect-correct approach to security and to that end, investments in cloud security should be commensurate with the level of migration to cloud services. But budgeting for security in the public cloud is distinctly different than planning for on-premise prevention. One fundamental shift is that cloud providers use a "shared responsibility model" that spreads risks between vendor and customer.
Another difference, customers don't buy the same mix of products and equipment to secure the cloud that they do in the data center.
Budgeting for security in the public cloud begins by considering which applications and infrastructure components will live there. Some, like website hosting and document serving, are of relatively low risk and don't demand the most stringent safeguards. Also consider the consumption models you'll use. SaaS providers generally assume responsibility for security and the application and system levels. However, IaaS providers tend to cede those responsibilities to the customer. What's more, no public cloud provider is likely to assume responsibility for user access and data protection, although there are measures they can take to support your own efforts.
There are three levels of security to consider as you build out your public cloud strategy:
System-level security for IaaS
This is secured plumbing: systems-level components such as operating systems, networks, virtual machines, management utilities and containers. Here, you want to invest in cloud providers that make it easy for you to keep your systems current with the latest patches and updates. The service provider should also provide thorough visibility into your cloud instances so that you can see all instances that are running. One of the challenges of public cloud is that it's so convenient to spin up new VMs and containers that you may forget to shut them down later. These so-called "zombies" are latent security threats because they present potential attack vectors into more business or mission critical systems.
If you plan to use containers, as a growing number of enterprises are, be diligent about the level of security protection they offer. The market for containers is still immature, and security – while improving – is considered one of the technology's weakest areas.
Remember, you are responsible for system-level security in your Infrastructure as a Service (IaaS) and Platform as a Server (PaaS) instances. Integrating these security controls and reporting in with your on-premises systems will create efficiencies. Be sure to include the appropriate controls for the type of server employed. These may include tools such as intrusion prevention, application control, advanced antimalware solutions and threat detection. These should all be centrally managed for visibility and compliance in addition to policy and threat intelligence sharing with your on-premises infrastructure.
Application-level security
This level is primarily about identity and access management. Your best investment here isn't financial; it's a policy that limits the ability of users to deploy cloud applications without IT's knowledge.
After ensuring policies are in place that offer IT visibility, the next step is to invest in multifactor authentication and identity management. The first approach uses two or more devices or applications to permit access.
Identify management locks down application access by requiring users to authenticate through a secure resource such as LDAP or Active Directory. If your organization already uses a directory, consider investing in cloud brokering software that supports single sign-on so that users can authenticate to all their cloud services through their local directory. This gives IT complete visibility and shifts access control from the cloud service to your own IT organization. Consider also investing in a secure VPN tunnel so sessions are never exposed to the public Internet.
Data-level security
This level of protection involves securing the data itself. No cloud provider will take responsibility for your data, but there are solutions you can purchase to help.
Many cloud providers, for example, offer encryption as a standard option, but you may be surprised at how many do not, or who encrypt data only part of the time. Anything less than 256-bit encryption is considered inadequate these days.
More important is that you have full control of the encryption keys. If a cloud provider insists on owning them, you have no guarantees that your data will be safe. Seek another provider.
In addition, make sure your data is unencrypted only when in use. Some providers require that data be transmitted to their facilities in plain-text format. That's a security risk.
Whatever cloud provider you adopt, make sure their security guarantees spelled out in their contract and SLA. A good contract should spell out exactly what procedures will be employed, along with any penalties the provider will face for non-compliance, how they will report upon it, and how you can audit to ensure your contractual terms are being met. A strong SLA ensures that you have a ‘cloud-first' integrated approach to security and don't simply toss the keys to your cloud provider as you're walking out the door.
* The writer is vice president & chief technology officer, public sector, Intel Security


Clic here to read the story from its source.