Wanting to adopt a robust and lasting approach to Cloud Computing? You have to look beyond technology. The best risk minimization strategies of today must take governance and compliance into account.
For all businesses considering the path to cloud computing – where organizations transfer their assets and thus part of their wealth to an independent service provider – security and legal issues are front and center. They must therefore put considerable trust in the checks and balances their service provider chooses to implement. In this context, provider accountability and transparency are more important than ever.
Cloud adoption issues
Implementing cloud computing carries serious risks:
- Compliance and contractual risks
- Resource sharing
- Availability
- Interoperability
Compliance and contractual risks
Organizations must comply with many laws and regulations (CNIL, SOX, HIPAA, PCI-DSS), raising the following concerns:
- What data is stored on a given system and in which countries?
- Who has system access? Who can retrieve information?
- Do these people really need access?
- Are audit trails and reversibility clauses included in the contract?
Resource sharing
Data sensitivity is the first issue you need to raise when considering cloud migration.
- How do you separate information to implement different protection measures for individual data classifications?
Resource sharing can threaten data integrity:
- Can data be compromised?
- How is data encrypted?
Data transfer between user and host raises further questions still:
- Can data be traced in the cloud?
- How do you ensure such transfers remain secure?
- How do you fence off virtual infrastructure?
Availability
As a result of external hosting, client data availability is another major concern.
- What are the risks if infrastructure comes under attack?
- Where is data located? Is it being replicated at different sites?
Furthermore, not knowing exactly where data is does not mean that traditional storage concerns no longer apply:
- What backup procedures have been put in place?
- Are data retrieval and backup methods up to scratch?
Interoperability
Choosing a Cloud Computing provider also means subscribing to their service model:
- How do you connect internal information systems to a specific host platform?
- How do you get an organization’s private cloud to talk to a provider’s public cloud and ensure they can interact?
- How difficult is it to switch providers? What happens if your service provider migrates or shuts down?
Sogeti’s security know-how
From audit to operations management & governance through to security solutions integration, our service offering covers all sorts of clients and all kinds of needs. Our aim is to accompany you in adopting a Cloud Computing model with the highest possible level of security.

Governance and security
Loss of complete data oversight means you must undertake risk impact assessment and ensure security policy compliance. Our consultants will help you set the terms of a joint governance relationship with your provider, establishing your respective duties and responsibilities.
Compliance and contractual risks
In a cloud model, data can and will be distributed worldwide. It is therefore necessary to understand the rules that users and providers must uphold to ensure compliance every step of the way. The legal and business impacts of such rules should also be assessed.
Furthermore, full guarantees covering the return of data or infrastructure to clients must also be formalized in contracts with providers. We recommend that clients ensure that their data is traceable, usable and encrypted.
Expertise in information systems solutions
Resource sharing can present a threat to data confidentiality. You must ensure you retain the ability to encrypt and isolate data. Be aware that unconventional encryption can lead to irreversible data loss.
Cloud Computing operates using virtual machines, which adds a further level of security complexity. Additional security management is necessary for transferring data and duplicating virtual machines from one protection environment to another.
To improve security and ensure optimal protection against malicious VM targeting, you should adopt a variety of measures:
- Intrusion detection system
- Vulnerability scanning methods
- Data integrity monitoring
- Log audits and configuration settings verification
Why Sogeti?
SOGETI employs 170 European professionals passionate about security. Sogeti Security Offers cover organizational, legal and technical fields and our experts will address your needs from designing to implementing to running and auditing your projects.