In Part I, we covered off how organisations are partially responsible for guiding the IT security strategies in Infrastructure-as-a-Service cloud. The focus there is mostly on business processes that an organisation likely already considers when protecting itself from regular IT security risks.
Now we’ll get into the technical part of establishing solid IT infrastructure security in the cloud. Here are some areas to discuss with your cloud services provider to mitigate IT security risks in the cloud.
Do you need client networks to be open? Unless your organisation requires each client network to remain open, a cloud services provider can segregate networks so they cannot talk to each other to prevent IT security risks in the cloud.
Who do you want to have access to your cloud? Organisations will have to manage or get their provider to manage the staff members that have access to the cloud to prevent IT security risks via domain access, Active Directory or remote access, for example. It all depends on the requirements you’ve outlined when building your IT security strategies for the cloud.
How do you want your network connection configured? To prevent IT security risks, you can use secure VPN connections over the internet or install private WAN connections so external parties do not have access.
How will you monitor network security in the cloud? Just like in the traditional data centre, you can deploy IPS/IDS devices in the network to monitor cloud servers on the domain and scan them and the network for IT security risks.
How will you address firewalls to prevent IT security risks? For instance, Datacom can configure the firewalls or clients can bring their own firewalls to lock down the cloud network — it all depends on the IT security risks you want to avoid.
What type of hypervisor protection exists to prevent IT security risks in the cloud? Is the virtual machine protected at the hypervisor level as soon as it comes on?
How deep does protection go to prevent IT security risks in the cloud? Does your cloud services provider offer end-to-end IT infrastructure security? What type of antivirus is in place?
Datacom can help organisations understand their IT security risks in the cloud. We look at every organisation on a case by case basis and then implement their IT security strategies in the cloud environment.