Contents tagged with ITCSSG

  • Need of cloud computing security framework

    Data security has been the primary focus for Information technology, which is escalated in cloud computing because data get dispersed across the globe and jurisdiction. Today, consumers rarely choose to send photos over email, as well as no longer use thumb drives to carry documents. The cloud has become a permanent place to keep all types of documents; including personal documents, bank statements, ID scan, and confidential business information. Cloud computing has also brought in shared online profile and password authentications. The more sensitive data find a home in the cloud, which seems to be the case, the risk of data breaches and security cannot be overlooked.

    Every organization with Non-Public Information (NPI), such as customer Name, address, email, username, and passwords, under its procession, has greater liability against the data breaches. There have been several cases recently where data was compromised such as iCloud, Home Depot, Target, and others, which result in a huge impact on company’s brand image and direct impact on profitability.

    Cloud computing is not intact from the security risk, and IT management need to evaluate cloud vendors on following key area:

    • Privileged user access to make sure could vendor have controls in place for personnel who are managing data.
    • Abide by regulatory compliance,external audits and security certification.
    • Data Location and processing in a particular jurisdiction, and it should have controls in place to make sure local privacy requirements have been fulfilled on behalf of their customers
    • Data segregation from another customer and appropriate encryption algorithm applied on customer data while at rest and during processing.
    • Recovery of data in the case of disaster by replicating data and application infrastructure across multiple locations.
    • Investigative support for inappropriate or illegal activity. Cloud services data logging typically distributed across multiple hosts of collocated with other customers.

    There is a need of cloud computing security framework to ensure data security.