Even though private Infrastructure-as-a-Service (IaaS) cloud takes hardware management off an organisation’s plate, it doesn’t shirk their responsibility for security. In fact, the IaaS model tends to bring more security responsibilities to the organisation than other cloud models because the provider is only responsible for the infrastructure, according to the Cloud Security Alliance.
The good news is organisations can do their part to ensure the cloud remains secure by using a business process approach. By looking at what data employees have access to in the regular IT environment, organisations can begin to formulate a security policy in line with business operations. Here are security questions organisations should ask themselves when moving to private IaaS cloud.
What are your security and privacy requirements? What are the industry or government regulations to which your organisation must adhere?
How will you classify data and who owns it? This task might be given to a designated person in each department, who then can also give other individuals access to the data as they see fit.
Who has access to what? This includes managing authorisations, including employees who may need to gain access to additional privileges.
How will you add or remove users? This is essential for when new hires come on board or employees leave. Also keep in mind how quickly you want to be able to remove a user.
What web sites can be accessed? And how can users access blocked web sites they might need?
What data do you want to protect from other internal users? For instance, pay information is usually walled off from all other departments and users.
How will you monitor data and activity? This is crucial to watch for changes made to data, compliance with SLAs and for when it comes time to do data audits.
A good cloud services provider will guide you through your security process policy so that it matches up with your technical security requirements. Stay tuned for Part II where we delve into the technical security piece of your cloud.