Multiple Perspectives on Security

Security Journal

Subscribe to Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Security Journal Authors: Mehdi Daoudi, John Walsh, Liz McMillan, Elizabeth White, Pat Romanski

Related Topics: Cloud Computing, Security Journal

Blog Post

Three Steps to Enable Rock Solid Cloud Security By @IanKhanLive | @CloudExpo #Cloud

Key aspects for creating a solid organization, keeping cloud security in perspective

Three Steps to Enable Rock Solid Cloud Security

Cloud security is at the top of every CIO's list. It is also the first subject that comes up when you engage in a discussion about the cloud. For those of us who followed the recent Ashley Madison story (from a tech perspective), you would agree that while the breach happened for so many reasons, security is at the heart of it. Here are some key aspects for creating a solid organization, keeping cloud security in perspective.

Don't Blame Vendors
Different industries have different regulations and requirements. For some, such as consumer grade document sharing platforms like Dropbox, Google Drive, Box and so many others, the problem actually is not with them but what people choose to store on these platforms. All of these and other platforms are hosted on the public cloud and while they may promise a certain level of security, they do not offer a private cloud where your data is secure on restricted servers that are meant for your use only. Sharing documents on these platforms becomes a responsibility of the end users and while the fine print covers the vendor, a breach is always possible. You probably do remember the instances where millions of records from an online document storage vendor were leaked. So if your organization wants super-tight security and is using a consumer grade document sharing platform, you are literally shooting yourself in the foot. The same goes for using public cloud applications such as Evernote, Google Docs and others. Sorry! Use solutions or hosting that offers a 100% private cloud.

Clean Your House
If your organization has no way to track and monitor changes in connected devices, you might as well save the money on your firewall. Allowing users to use non-certified or private devices such as USB drives, portable hard drives and other devices that can connect to your network is essentially security suicide. A 30-second connection with an infected device can transfer malicious code to your device and can sit there for months before it slowly starts eating away at your network like a plague. It may not even need to do that in case the malicious code is targeting specific ports to open and let the bad guys in. As I mentioned to a recent client, the inconvenience that users face unfortunately is far less than the risk and consequences that you may face with a hack. This is true for your cloud where you will be able to restrict access and enable multiple levels of user credential verification, SSL connections and so on. Lock down your network, because it's never too late.

Enable Processes
Processes are what makes and lack of them is what breaks. Enabling processes at every level within your organization is a key success driver. Processes define a methodology and a framework under which employees should work and go about their work. When was the last time you heard that discipline hurt someone? At the enterprise level, enabling usage and access policies are a way to get started. Not having processes just invites chaos, risk and injects the vulnerability of someone new coming into the organization and disrupting the way things are done. This does not mean not looking at ways to improved processes. That should be a constant driver anyway. Take inventory of how your organization functions and if it lacks processes, not only at the cloud or IT infrastructure level but everywhere else.

Do you have a take on cloud security? Feel free to share.

This article first appeared on the Solgeniakhela Blog

More Stories By Ian Khan

CNN Futurist, Forbes Contributor, Author, 3 Time TEDx Speaker and Technology Futurist, over the last 20 years Ian Khan has had the privilege to serve the needs of over 5000 organizations by fueling their growth through technology solutions. He has helped a diverse set of businesses ranging from Technology Companies, Oil Companies, Power Generation & Renewables Operators, Microsoft Ecosystem Partners, SAP Customers and Partners, Healthcare Providers, Manufacturers, Facility Operators, Startups, Educational Institutions, Nonprofits & associations and more. Ian’s experiences with these organizations led him to a unique position of being able to identify the common challenges of growth for all these organizations. The bottom line as he found out, is that we all are hungry for success and want to grow and make a difference. Where we fall short is by failing to understand our environment and taking the right action within that environment. After 20 years serving the needs of the industry Ian’s natural pivot was to answer his calling and help organizations at a broader level understand what tomorrow brings. His work and study of all these organizations brought forward very unique perspectives that he now share through his work. Today, hands down, we live in the great time for humanity. Technology is a great thing, but it also has its victims. Many organizations of tomorrow will fail under the pressure of a fast changing world, much of which is fueled and driven by technology. Ian’s mission is to help organizations avoid that pitfall, and propel themselves into success in today’s era and go from digital disruption to digital transformation in the fastest and most sustainable way. This is the only way, according to him, we can together create limitless value, create solutions that are faced by us locally as well as by others around the globe, and make the world a happier place. Today Ian’s work spans working with people by delivering keynotes, consulting and by promoting his 7 –Axioms methodology through his book and workshops. He is also working on an ambitious project of releasing a documentary in spring of 2018 called Industry 4.0. Industry 4.0 will capture the thoughts and insights of some of the world’s leading thinkers and help us understand the 4th Industrial Revolution, Its Impact, and how we can all be have an opportunity to be part of the emerging future and make the right choices. For more information please visit www.iankhan.com

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.