Computing asked the experts for their top tips to help businesses use the cloud securely. Here's what they said
Managing and monitoring is key (2)
Nick Delewski, managing consultant, security consulting, Spirent Communications
"Remember the basics. Vulnerability management and auditing are critical. Cloud services offer automation and operational efficiency, but they don't do it all for you. Operational security, application security, and auditing are still critical to security in the cloud. Layered security and patching are made easier by the tools at our disposal; the time you save racking and stacking could be spent on staying on top of the latest threats and ensuring that your cloud provider has a regular patch and vulnerability management program in place, plus performs periodic third-party penetration tests and compliance security audits.
"You also need an inventory of your security toolset. Ever wanted to build a network of honeypots for early warning, but you didn't have the time/rack space/hardware to do it right? Now might be your chance. Whether your infrastructure cloud is public or private, spinning up a new instance should only take a few minutes. Plus, if you're only being billed for shared processor time, a honeypot system should be fairly cheap. What other new tools are at your disposal that take advantage of IaaS?"
Ian Muscat, product communications manager at Acunetix
"When most people think of information security within an organisation, it is usually centred on defending the perimeter and protecting endpoints. However, in today's world, an organisation's network perimeter is no longer limited to physical machines on a corporate network; it now increasingly incorporates the cloud.
"More importantly perhaps, web application security has become the number one threat surface organisations are exposing. Since organisations are constantly shipping web applications to satisfy their business requirements, vulnerabilities are not slowing down - so much so that new research shows 55 per cent of websites have high-severity vulnerabilities.
"Tackling this challenge, especially with limited resources, could be challenging, which is why cloud-based web security scanners make things quick and easy to get started."
David Meyer, VP of product at OneLogin
"Consider a cloud vendor an extended part of your infrastructure. You need to be as comfortable with their internal processes as you are with your own."
Paul Burns, chief technology officer at TSG
"Define/agree responsibilities. Establish who will manage alterations and security updates to the hosted firewalls and VPN set-ups at your chosen data centre/cloud provider and examine how change management will be validated/implemented. Often these basic questions are left unanswered until a hole is discovered during a security compliance audit."