Home
/
Blog
/
The Security Pillars Cloud Providers Must Support
2 Minutes

The Security Pillars Cloud Providers Must Support

Understand enterprise cloud security requirements

Research from analyst firm Wikibon demonstrates that security has remained remarkably stable as the leading impediment to public cloud adoption. This is something I deal with constantly in my current role as CEO of my company’s new cloud division, where I spend much of my time working on the audits necessary to qualify for security certifications, speaking to analysts, etc. What I’ve found is that, while each organization has its own nuances, it’s clear where the market is headed. For simplicity, I’ve divided their requirements into four (somewhat arbitrary) categories: Data Handling, Mechanisms, Peace of Mind and Reporting.

Data Handling

While some organizations continue to store their most highly sensitive data on premise, this does not mean data stored in the cloud is not sensitive, nor does it give cloud providers an excuse to shirk responsibility for security. Indeed, many organizations rightfully demand that data they store in the cloud must be encrypted at rest (especially when hosted in a public cloud environment) with cryptographic key storage in a separate server or on premise. The cloud solution provider must also have strong policies regarding data management, retention, migration, deletion and communication standards. Proper processes regarding employee training, hiring and off-boarding, while not always top of mind for cloud providers thinking of security, are also critically important to ensure good governance.

Mechanisms

Role-based access is the cornerstone of any security system and the cloud is no exception. Administrators need a system that allows them to assign permissions to staff based on their role with clearly demarcated rules regarding who has access to which information, who can make edits, etc. This often includes integration with Microsoft Active Directory and LDAP in order to support the authentication and authorization of all users and devices within a network. Most enterprises will also demand support for SSO tools like OpenID, Open Authorization (OAuth), SAML, Shibboleth and SSO servers.


Peace of Mind

Perhaps the most critical component of delivering enterprise peace of mind is in ensuring near-continuous uptime for mission-critical applications. Today, most enterprise SLAs specify 99.5% or higher uptime guaranteed by multiple layers of redundancy in data centers spread throughout the world. This also includes provisions for backup and recovery in case unforeseen disaster strikes, or situations where demand drastically increases due to factors such as seasonal marketing campaigns or the deployment of a new application. The system should be able to adapt itself to account for traffic jumps by scaling up and preventing the collapse of digital channels.

Reporting

Enterprises will insist not just on access controls but also on accurate logs with detailed information on who accessed which systems and when, plus automated alerts in case abnormal behavior is detected or systems are compromised. In practice, this means cloud providers should be prepared to provide information regarding user session length (particularly by admin or privileged logins) and CPU and memory usage over time, among other metrics. 

Concluding Thoughts

Cloud computing has become a major driver of growth for businesses, particularly in accelerating the development lifecycle and time to market for enterprise applications. While this is obviously a positive development, it also means more sensitive data is moving off premise and enterprises need to carefully evaluate the risks that entails, lest they end up among the legion of companies compromised in recent security breaches. In particular, businesses need to understand what security certifications their cloud providers have, what processes they have in place to ensure organizational data remains secure, their policies regarding the on-boarding and off-boarding of their own personnel and the granularity of the metrics they provide customers. 

Don’t let any of this scare you! The cloud is a wondrous place full of business value but as with any other purchase, you owe it your organization and your customers to go in with clear-eyed understanding of the risk environment.

Learn More About the Benefits of Cloud Deployments

Most enterprises understand the cloud offers significant benefits in the form of more efficient resource management and faster time-to-market. Yet there are even more benefits waiting for digital enterprises just below the surface. Read our white paper to learn more!

Get the Whitepaper  
Related Content
f8dc394e-969b-46e3-9922-86b85fa58e4e
Enhancing DevOps Culture with Liferay DXP
DevOps culture reimagined with Liferay DXP Cloud
4 Min Read
June 13, 2022
218be966-5f2e-49fd-9a09-8677e4c2f8a2
Liferay DXP Cloud: Breaking the Barriers of Time and Project Constraints
How operating on the cloud can optimize your digital experience platform
2 Min Read
April 18, 2019
00b8af08-0dfd-416d-b2f7-fac4b8eb6bf7
Why Your Business Needs to Move to the Cloud
Comparing on-premise and cloud deployment
2 Min Read
June 14, 2022
Home
 / 
Blog
 / 
 / 
The Security Pillars Cloud Providers Must Support
Text
2 Min Read

The Security Pillars Cloud Providers Must Support

Understand enterprise cloud security requirements
Image
Share

Research from analyst firm Wikibon demonstrates that security has remained remarkably stable as the leading impediment to public cloud adoption. This is something I deal with constantly in my current role as CEO of my company’s new cloud division, where I spend much of my time working on the audits necessary to qualify for security certifications, speaking to analysts, etc. What I’ve found is that, while each organization has its own nuances, it’s clear where the market is headed. For simplicity, I’ve divided their requirements into four (somewhat arbitrary) categories: Data Handling, Mechanisms, Peace of Mind and Reporting.

Data Handling

While some organizations continue to store their most highly sensitive data on premise, this does not mean data stored in the cloud is not sensitive, nor does it give cloud providers an excuse to shirk responsibility for security. Indeed, many organizations rightfully demand that data they store in the cloud must be encrypted at rest (especially when hosted in a public cloud environment) with cryptographic key storage in a separate server or on premise. The cloud solution provider must also have strong policies regarding data management, retention, migration, deletion and communication standards. Proper processes regarding employee training, hiring and off-boarding, while not always top of mind for cloud providers thinking of security, are also critically important to ensure good governance.

Mechanisms

Role-based access is the cornerstone of any security system and the cloud is no exception. Administrators need a system that allows them to assign permissions to staff based on their role with clearly demarcated rules regarding who has access to which information, who can make edits, etc. This often includes integration with Microsoft Active Directory and LDAP in order to support the authentication and authorization of all users and devices within a network. Most enterprises will also demand support for SSO tools like OpenID, Open Authorization (OAuth), SAML, Shibboleth and SSO servers.


Peace of Mind

Perhaps the most critical component of delivering enterprise peace of mind is in ensuring near-continuous uptime for mission-critical applications. Today, most enterprise SLAs specify 99.5% or higher uptime guaranteed by multiple layers of redundancy in data centers spread throughout the world. This also includes provisions for backup and recovery in case unforeseen disaster strikes, or situations where demand drastically increases due to factors such as seasonal marketing campaigns or the deployment of a new application. The system should be able to adapt itself to account for traffic jumps by scaling up and preventing the collapse of digital channels.

Reporting

Enterprises will insist not just on access controls but also on accurate logs with detailed information on who accessed which systems and when, plus automated alerts in case abnormal behavior is detected or systems are compromised. In practice, this means cloud providers should be prepared to provide information regarding user session length (particularly by admin or privileged logins) and CPU and memory usage over time, among other metrics. 

Concluding Thoughts

Cloud computing has become a major driver of growth for businesses, particularly in accelerating the development lifecycle and time to market for enterprise applications. While this is obviously a positive development, it also means more sensitive data is moving off premise and enterprises need to carefully evaluate the risks that entails, lest they end up among the legion of companies compromised in recent security breaches. In particular, businesses need to understand what security certifications their cloud providers have, what processes they have in place to ensure organizational data remains secure, their policies regarding the on-boarding and off-boarding of their own personnel and the granularity of the metrics they provide customers. 

Don’t let any of this scare you! The cloud is a wondrous place full of business value but as with any other purchase, you owe it your organization and your customers to go in with clear-eyed understanding of the risk environment.

Learn More About the Benefits of Cloud Deployments

Most enterprises understand the cloud offers significant benefits in the form of more efficient resource management and faster time-to-market. Yet there are even more benefits waiting for digital enterprises just below the surface. Read our white paper to learn more!

Get the Whitepaper  
Originally published
June 26, 2019
 last updated
June 3, 2022
Topics:

See how you can build a solution fit for your needs

1400 Montefino Avenue
Diamond Bar, CA 91765
USA
+1-877-LIFERAY
Built on Liferay Digital Experience Platform