apacciooutlook logo

Securing your Cloud Infrastructure - A Journey not a Destination

By Vishal Katial, VP-Information Technology, Ugam

content-image

Vishal Katial, VP-Information Technology, Ugam

Ugam is a global provider of managed analytics solutions for retailers, brands and market research firms. The company’s unique managed services offering combines a proprietary big data technology platform with deep domain knowledge and analytics expertise to empower clients to make decisions that improve their business.

So you have finally decided to utilize the cloud for solving your business/customer problems. While the journey has begun, the NEXT big question is - “How to align the security requirements of this cloud infrastructure with your business needs so that clients and stakeholders are assured of its confidentiality, integrity and availability?”

There are five aspects that need to be considered:
1. Information Security Policy for Cloud-hosted Infrastructure: Assess the security practices that the cloud provider follows, for example, ISO27001, PCI-DSS, HIPAA, SSAE16, etc. Keeping business requirements in mind, your information security team and cloud administration team, along with the cloud service provider should define cloud-specific security policies and procedures. Making them cloud-specific will help bring focus and also establish a method to measure and mitigate risks.

2. Security network architecture: Review off-the-shelf tools as a starting point for building your security network architecture. For example, build various secured zones to segregate your Web, Processing and Database Layers. This is similar to following the DMZ type approach and is supported by most providers.

Besides, most providers will provide you with options to further add firewalls of your choice so that you can enable Filtering and also IPS type features. Needless to say, the systems will need to be protected by cloud-specific anti-virus software. Follow the best practices for IP Addressing and DNS, based on what flexibility and services are given by the cloud-service provider.

3. Continuity & Scalability: Not a new word, but in the cloud world you will hear and get many more cost-effective options which can help build continuity and scale for your Infrastructure. For example, multiple availability zones for data centers, replication across geographies, auto-scaling and support for multiple IT automation frameworks.

4. Cloud Administration & Access Management: The next important aspect is to build a secured VPN tunnel to your core network. This is to ensure that only authorized teams have access to your cloud setup. This secured tunnel also helps in building an integration bridge between your cloud setup and internal systems. This step virtually makes your cloud infrastructure an extension of your physical, in-house datacenter. From an access management standpoint, consider using multifactor authentication and integration with the directory services of the organization.

5. Compliance: Benchmark against your information security standard, for example, ISO/IEC27001, to provide assurance to clients and customers on the cloud hosted infrastructure. Keep reviewing the effectiveness of your security implementation through regular audits, vulnerability/ penetration testing and risk management.

“Achieving information security is a journey not a destination”. As you keep scaling and securing your cloud, you must continue to explore encryption tools, build more layers of redundancy, disaster recovery, and so on to add more value to your customer.

Magazine Current Issue

magazine current issue

Leaders Speak

Andy Nallappan, VP & CIO,

The Industry Demands Quick Upgrade into Cloud

By Andy Nallappan, VP & CIO,

Global Information Technology, Avago Technologies

Steven Weinreb, CIO & EVP, Technology & Operations, Asia, MetLife

Embracing Advanced Tech-enabled Solutions that Foster Innovation and Growth

By Steven Weinreb, CIO & EVP, Technology & Operations, Asia, MetLife

Anil Khatri,

Trends that are on Every CIO's Watch-list

By Anil Khatri,

Head IT-South Asia,

SAP

James F. Hanauer, CTO, VP Engineering and Art Saisuphaluck, Solutions Architect, R&D Lead, CTSI-Global

Simplifying Infrastructure Management with Microsoft Solutions

By James F. Hanauer, CTO, VP Engineering and Art Saisuphaluck, Solutions Architect, R&D Lead, CTSI-Global

Mickey Bradford, VP-IT/CTO, Exchange; & Jay McCartin, VP-Logistic Operations,  Army & Air Force Exchange Service

Embracing Cloud Hosting Benefits

By Mickey Bradford, VP-IT/CTO, Exchange; & Jay McCartin, VP-Logistic Operations, Army & Air Force Exchange Service