Technology solution provider details five basic security components

FARMINGTON HILLS, Mich., July 31 — The first reason most IT professionals say they are interested in a private cloud solution rather than a public cloud solution is security. Ironically, diligent security is often the last item on the checklist for many organizations when building a private cloud solution. To help IT professionals secure their private cloud installations, Logicalis, an international IT solutions and managed services provider, has created a best practices approach to cloud security.

"Unless an organization is in a regulated industry that is required to provide proof of security – such as PCI, HIPAA, FISMA or ITAR – the level of security in many data centers today could be characterized as 'not so much,'" laments Von Williams, director of information security for Logicalis.

And interest in private clouds is on the rise according to analysts.

"In 2011, assessing and planning for a 'public' cloud computing strategy was at the top of the CIO agenda, as a means to increase agility, and lower costs. But enterprise interest in private cloud computing is set to sky rocket in 2012 and 2013," according to Robert Mahowald, research vice president for Saas and Cloud Services at IDC. "IDC's Summer 2012 CloudTrack survey found that just over 80% of organizations will be pursuing a private cloud computing strategy by 2014, in addition to looking to the public cloud for capability. It just makes good business sense since it combines the assurance of a well-understood operational model – running assets securely and locally – with the elasticity to respond to changing business needs quickly, with simplified IT management across the combined portfolio."

Five Steps to Secure Private Clouds

"A security initiative needs to be a detailed, disciplined process, but it doesn't have to be overwhelming," says Williams. "But you do have to have a security policy to apply in the first place." A best practices approach to upgrading or creating a security policy that is appropriate for most organizations focuses on five basic security components.

These five steps form the path for a solid security policy: Risk Assessment, Data Ownership, Data Classification, Auditing & Monitoring, and Incident Response.

Williams suggests IT pros ask the following questions while developing their private cloud security policy to help defend their organizations from hackers as well as inadvertent access to confidential data.

1. Risk Assessment: How much risk can the organization accept? This seems like an odd question; the answer would seem to be an automatic, "None." However, considering this question and then developing corporate policies for security around the answers will help identify the security and privacy requirements necessary to ensure compliance with any applicable federal and state regulations as well as industry requirements. As companies develop risk management policies, it replaces ambiguity with certainty about questions regarding data security and privacy.

2. Data Ownership: Who owns the data? This question helps decide the "local data sheriffs" for an organization. Why is this necessary? Because each data owner, usually someone within a specific business unit, decides the classification of the data to be maintained and is then responsible for granting user access to the data.

3. Data Classification: How is the data classified? Not all data is created equal. That is, not all data requires the same level of security. Typically, data is classified using three categories – private, confidential or public. Data can fall under more than one category – a spreadsheet with salary information might be private to the company and confidential so only HR employees and supervisors may view it. A data classification established by the data owner clears up any mystery about access.

4. Auditing & Monitoring: How is the data watched? This is generally accomplished with a security incident and event monitoring (SIEM) system that records successful and failed login attempts into key systems, configuration changes and system activities. A SIEM system can log correlation among various security systems and help reconstruct events that led to a security breach or incident.

5. Incidence Response: What is the reaction to any data security breach? Exactly what to do in the case of a data security breach must be outlined in detail in a corporate incidence response policy. The stronger the security and controls applied, the fewer incidents requiring reaction. But the opposite is also true, requiring fast incident responses. A detailed policy makes a quick response easier.

"Developing an appropriate security program for an organization in a conventional infrastructure that can then be extended to a private cloud environment adds another dimension to everything," says Williams. "The reality is that, until you have developed, implemented and tested a comprehensive security program for your organization, your data may not be any safer at home, let alone in the cloud."

To learn more about private cloud, download Logicalis' eBook, "A Cloud of Your Own."

Watch a short four-minute video on private cloud.

Visit Logicalis' private cloud microsite.

About Logicalis

Logicalis is an international IT solutions and managed services provider with a breadth of knowledge and expertise in communications and collaboration; data center and cloud services; and managed services.

Logicalis employs almost 3,000 people worldwide, including highly trained service specialists who design, specify, deploy and manage complex ICT infrastructures to meet the needs of over 6,000 corporate and public sector customers. To achieve this, Logicalis maintains strong partnerships with technology leaders such as Cisco, HP, IBM, CA Technologies, NetApp, VMware and ServiceNow.

The Logicalis Group has annualized revenues of over $1.2 billion, from operations in the UK, US, Germany, South America and Asia Pacific, and is fast establishing itself as one of the leading IT and Communications solution integrators, specializing in the areas of advanced technologies and services.

The Logicalis Group is a division of Datatec Limited, listed on the Johannesburg and London AIM Stock Exchanges, with revenues of over $5 billion.

For more information, visit http://www.us.logicalis.com.

Business and technology working as one

Facebook: http://www.facebook.com/Logicalis?v=wall
Twitter: http://twitter.com/logicalis
RSS: http://www.us.logicalis.com/feeds/rss.aspx
YouTube: http://www.youtube.com/user/LogicalisIT
Blog: http://www.hypeorripe.com/

-----

Source: Logicalis