you to create and manage AWS users and user groups by way of permissions, which allow and disallow access to data. The benefit of Amazon's IAM is the ability to manage who can access what, and in what context.

OTHER PLAYERS IN THE GAME

Of course, not everyone runs AWS. Fortunately, many new IAM players are focusing on cloud and usually promise to provide both identity management and single sign-on services. These players include Bitium, Centrify, Okta, OneLogin, Ping Identity and Symplified.

Each of the providers approaches cloud security and IAM differently, so you'll need to review each product with regard to your specific requirements. When selecting the right cloud security approaches, be certain to consider the following:

should consider ones that meet both sets of requirements.

The design and architecture of your identity-based security solution. Sometimes security services can come from your cloud provider. In many other cases, you have to select and deploy third-party security tools.

Importance of testing, including white hat security tests. They are telling, in terms of the actual effectiveness of your security systems.

The effect on performance. In some instances, security can slow your system to the point that it affects productivity.

Industry and all required regulations for compliance.
and security typically work together, thus you can't select the right security approaches and technology without first understanding your governance strategy.

Service-level, or API governance, installs policies around access to services exposed by public or private clouds; those who want to access cloud services have to go through a centralized mechanism that checks to see that those who request access are appropriately authorized. This mechanism also forces compliance with pre-defined policies that can dictate when and how the services can be accessed. Companies that provide API/service management and governance products include Mashery and Apigee.

Data-level governance, much like service-level governance, focuses on the management of both storage and data. Once again, policies are placed around data and data storage systems to define and control access.

Data governance is becoming more important for businesses that implement cloud computing. The Cloud Security Alliance (CSA) has a Cloud Data Governance Working Group that is defining approaches and standard technology. Perspecsys and Acaveo are among the vendors in the cloud data governance market.

Platform-level governance, sometimes called a cloud management platform, is related to the management of the platforms themselves. This means placing automation services around the governance and management of a cloud platform, including provisioning and deprovisioning of cloud resources as needed by applications or data.

The objective of platform-level governance is to provide a single point of control for complex, distributed, and heterogeneous public and private cloud-based resources. This allows policies to define when and where resources are put to work and makes sure users leverage only what is necessary. The end result is that we do not overpay for subscription-based services, and the system works around issues such as outages. RightScale and ServiceMesh (now owned by CSC) are among the vendors offering platform-level governance products.

CREATING YOUR OWN APPROACH

Your customized approach to cloud security and cloud governance requires a great deal of work to define your requirements, both business and technical. Once that's accomplished, it's easy to create a comprehensive strategy and then proceed to implement the right technology.

Most organizations continue to be concerned about the risks introduced by cloud computing. Those risks, however, are substantially less than many of the traditional systems in use today.

The cloud has too many benefits to ignore, and the risks around security and governance are now solvable problems.

David Linthicum
Breaches are a recurring event in the IT world, with the U.S. Postal Service's computer network among the latest victims. Authorities suspect the attack compromised sensitive data (names, date of birth, Social Security information, addresses and employment records) of more than 800,000 employees.

This attack follows significant credit card data breaches at Target and Home Depot. But these attacks were not cloud-related. Hackers exploited poorly protected traditional systems.

As cloud adoption rises and hackers continue their attacks, cloud data security, which isn't cheap, becomes paramount.

So the question not only becomes how to protect your cloud-based systems, but can you afford it?

BREAKDOWN OF CLOUD SECURITY COSTS

The technology needed for cloud security can be expensive, so admins tasked with securing the cloud should prepare their CIOs for a big bill. The cost of the talent needed to create proper security architectures and approaches and then to run them effectively, will set companies back.

Clouds are complex distributed systems, so what's the best way to protect them? The best cloud security model and practice is identity access management (IAM). Many cloud providers, such as Amazon Web Services (AWS), provide IAM as a service. Others require third-party IAM systems.

To ensure cloud data security, use the method and technology that enable the right individuals to access these resources at the right times and for the right reasons. This means that everything and everyone gets an identity, including humans, servers, APIs, applications, data and more. After verifying identities, define which can access other identities and create policies to define the limits of those relationships.

EXPLORE DIFFERENT CLOUD SECURITY AVENUES

There are a few approaches to cloud security, including using IAM for your cloud provider, IAM software and a third-party cloud. Cloud-based IAM system expenditures, such as those provided by AWS, are nominal. Most businesses, however, choose security options that are not tied to a single cloud provider.

The cost to run an IAM system, whether on-premises or as a service, varies. The average yearly cost is $5,000 per application, so it can get expensive if you manage 1,000 applications in private or public clouds and traditional systems. Everything needs to be locked up the same way; if cloud-based systems are secure, but traditional systems aren't, then the system isn't completely secure. Just ask Target and the U.S. Postal Service.

However, technology isn't the real expense; it's the security engineers needed to build and operate effective cloud security systems that cost the most. Indeed.com reports that the average annual salary for a U.S. worker with the words "cloud security" in his or her title is $134,000. And these talented engineers are extremely hard to find, so you'll pay even more for the best talent. Capable consultants can cost $2,000 to $2,500 per day.

Moving to the cloud has tremendous benefits, but security done right is costly.

David Linthicum

Phil Sweeney | Managing Editor
Patrick Hammond | Associate Features Editor
Linda Koury | Director of Online Design
Neva Maniscalco | Graphic Designer
TechTarget
275 Grove Street, Newton, MA 02466
www.techtarget.com