How to Implement an Effective Cloud Security Strategy

By: Vid Sista, Data Center and Security Practice Director

The verdict is in on cloud computing – it’s no longer an option. Successful businesses use the cloud. Whether it’s for email, document sharing, or even a fully virtualized user environment, almost every company has its data in a server farm somewhere.

The real question is, how have you ensured your company’s confidential information is safe? Cloud security is different than regular network security; you have to understand how to secure someone else’s computer.

The more you outsource to the cloud, the less you have to secure. In a private cloud scenario, you have to personally secure everything – from the network to the application. Conversely, Software-as-a-Service (SaaS) cloud services require you to manage almost nothing in-house. However, that means that your contractual negotiations with your cloud provider are key to ensuring your data is secure.

Accudata assisted a large healthcare institution headquartered in Houston’s medical center with selecting the right vendor for their needs. The customer had recently conducted an RFP and had even selected a vendor that they thought would meet all of their criteria for cost, accessibility, and uptime; however, Accudata found large gaps in the vendor’s ability to contractually fulfill all necessary security requirements and SLAs. In the end, the customer selected an entirely new vendor that was able to meet all their needs – but if they hadn’t taken a deeper look into their contracts, they would have ended up with a cloud provider that would not have met their needs.

Even if you’re currently with a cloud provider, you need to consider your exit strategy. Is your data encrypted? If so, who owns the encryption keys? There have been nightmare stories of companies that can’t extract data out of their cloud environment because the provider owns the encryption key – meaning all their data is worthless outside of that provider’s system.

A large financial institution in Houston found its cloud costs skyrocketing from a couple thousand dollars a year to more than $80,000 per month. On top of that, their current cloud provider couldn’t keep up with the customer’s needs, and would constantly have downtime. After consulting with Accudata, we determined that a private cloud environment would be the most cost-effective and beneficial solution for the customer.

One big problem was extracting the customer’s datasets. There was simply too much data to move across a network in a secure fashion. In the end, the customer’s cloud provider had to securely mail physical hard drives to the customer’s new data center. Accudata’s expertise allowed the customer to move into a private cloud environment with minimal downtime. However, it is important to look at your cloud provider exit strategy. Can you migrate your data? Who owns your metadata? Can that be migrated as well? These are only a few of the questions that must be answered when securing your data.

Another challenge with cloud security is managing and retaining all user passwords to your different cloud environments and applications, especially if end users are logging in on a daily basis. However, a federated identity management solution can make that challenge disappear. A Security Assertion Markup Language (SAML) solution is the most versatile choice. Instead of requiring unique logins, a SAML-based solution integrates a user’s current authentication or identity provider solution to access all cloud environments. It keeps your users secure, and it allows you to never have to worry about who has your passwords – SAML solutions generate tokens to verify identity. There aren’t any credentials exchanged between service providers and your user base.

A large medical college in Houston needed to leverage its internal Active Directory environment to provide secure SSO for its users – and the experience needed to be seamless and HIPAA-compliant. Accudata leveraged multiple f5s that already existed in the customer’s environment to provide a SAML experience that fit exactly what they needed. Boosting security doesn’t always have to involve spending large amounts of capital; it can come down to repurposing or reconfiguring equipment you already have in your environment.

No matter what your cloud strategy is, you need to ensure that your data is secured and is solely in your control. Accudata’s data center experts can help provide the industry knowledge and experience you need to make sure your cloud strategy keeps increasing your company’s productivity, not hindering its growth. To learn more, contact your Accudata Systems account manager or call 1.800.246.4908.

This Post Has 2 Comments

  1. Erin Maccabe

    Neat article! I agree with you that the consumer should still get the upper hand when it comes to data security and control. But of course your SaaS provider still plays a role, in fact a big role, with your data security and control as they are actually the ones that you handles them for you. So, it is on your part to make sure that you choose your SaaS provider wisely. I have been with Lirik (http://lirik.io/frameworks) for some time now and they work wonders for me!

  2. Mirian Shade

    Hey Vid,

    Great article! Today when the overall online market is cloud based, only a few are aware of the right and fruitful strategy to implement this. As there are several risks associated with a Saas based Cloud application such as security, confidentiality one need to pay more attention towards its use. But just because of the risks associated with it we can not ignore its benefits that it gives an organization.

Leave a Reply

Your email address will not be published. Required fields are marked *