Technology Solution Provider Details Five Basic Security
Components
Farmington Hills, MI, July 31, 2012 – The first
reason most IT professionals say they are interested in a private
cloud solution rather than a public cloud solution is security.
Ironically, diligent security is often the last item on the
checklist for many organizations when building a private cloud
solution. To help IT professionals secure their private cloud
installations, Logicalis, an international IT solutions and managed
services provider (http://www.us.logicalis.com/),
has created a best practices approach to cloud security.
“Unless an organization is in a regulated
industry that is required to provide proof of security – such as
PCI, HIPAA, FISMA or ITAR – the level of security in many data
centers today could be characterized as ‘not so much,’” laments Von
Williams, director of information security for Logicalis.
And interest in private clouds is on the rise
according to analysts.
“In 2011, assessing and planning for a
‘public’ cloud computing strategy was at the top of the CIO agenda,
as a means to increase agility, and lower costs. But enterprise
interest in private cloud computing is set to skyrocket in 2012
and 2013,” according to Robert Mahowald, research vice president
for SaaS and Cloud Services at IDC. “IDC's Summer 2012 CloudTrack
survey found that just over 80% of organizations will be pursuing a
private cloud computing strategy by 2014, in addition to looking to
the public cloud for capability. It just makes good business sense
since it combines the assurance of a well-understood operational
model – running assets securely and locally – with the elasticity
to respond to changing business needs quickly, with simplified IT
management across the combined portfolio.”
Five Steps to Secure Private
Clouds
“A security initiative needs to be a detailed,
disciplined process, but it doesn’t have to be overwhelming,” says
Williams. “But you do have to have a security policy to apply in
the first place.” A best practices approach to upgrading or
creating a security policy that is appropriate for most
organizations focuses on five basic security components.
These five steps form the path for a solid
security policy: Risk Assessment, Data Ownership, Data
Classification, Auditing & Monitoring, and Incident
Response.
Williams suggests IT pros ask the following
questions while developing their private cloud security policy to
help defend their organizations from hackers as well as inadvertent
access to confidential data.
1. Risk Assessment:
How much risk can the organization accept? This seems like
an odd question; the answer would seem to be an automatic, “None.”
However, considering this question and then developing corporate
policies for security around the answers will help identify the
security and privacy requirements necessary to ensure compliance
with any applicable federal and state regulations as well as
industry requirements. As companies develop risk management
policies, they replace ambiguity with certainty about questions
regarding data security and privacy.
2. Data Ownership:
Who owns the data? This question helps decide the “local
data sheriffs” for an organization. Why is this necessary? Because
each data owner, usually someone within a specific business unit,
decides the classification of the data to be maintained and is then
responsible for granting user access to the data.
3. Data Classification:
How is the data classified? Not all data
is created equal. That is, not all data requires the same level of
security. Typically, data is classified using three categories –
private, confidential or public. Data can fall under more than one
category – a spreadsheet with salary information might be private
to the company and confidential so only HR employees and
supervisors may view it. A data classification established by the
data owner clears up any mystery about access.
4. Auditing & Monitoring:
How is the data watched? This is generally
accomplished with a security incident and event monitoring (SIEM)
system that records successful and failed login attempts into key
systems, configuration changes and system activities. A SIEM system
can correlate logs from various security systems and help
reconstruct events that led to a security breach or incident.
5. Incident Response:
What is the reaction to any data security
breach? Exactly what to do in the case of a data security
breach must be outlined in detail in a corporate incident response
policy. The stronger the security and controls applied, the fewer
incidents require a reaction. The opposite is also true: weaker
controls mean more incidents, each requiring a fast response.
A detailed policy makes a quick
response easier.
“Developing an appropriate security program
for an organization in a conventional infrastructure that can then
be extended to a private cloud environment adds another dimension
to everything,” says Williams. “The reality is that, until you have
developed, implemented and tested a comprehensive security program
for your organization, your data may not be any safer at home, let
alone in the cloud.”
About Logicalis
Logicalis is an international IT solutions and
managed services provider with a breadth of knowledge and expertise
in communications and collaboration; data center and cloud
services; and managed services.
Logicalis employs almost 3,000 people
worldwide, including highly trained service specialists who design,
specify, deploy and manage complex ICT infrastructures to meet the
needs of over 6,000 corporate and public sector customers. To
achieve this, Logicalis maintains strong partnerships with
technology leaders such as Cisco, HP, IBM, CA Technologies, NetApp,
VMware and ServiceNow.
The Logicalis Group has annualized revenues of
over $1.2 billion, from operations in the UK, US, Germany, South
America and Asia Pacific, and is fast establishing itself as one of
the leading IT and Communications solution integrators,
specializing in the areas of advanced technologies and
services.
The Logicalis Group is a division of Datatec
Limited, listed on the Johannesburg and London AIM Stock Exchanges,
with revenues of over $5 billion.
For more information, visit http://www.us.logicalis.com/.