Cloud Security Starts with the Basics
At this point, what is keeping CISSPs up at night? Is it DDoS attacks, creepy malware, data leakage, or even accidental deletion caused by that new intern? Perhaps it is recurring hallucinations where key systems - on premises, or in the cloud - are compromised by viruses, worms, Trojans, rootkits, botnets or spam, or worse yet, an evil crime syndicate, like something from Mission Impossible.
The increase in cyber attacks has everyone feeling a bit jumpy, and if the biggest companies in the world are getting hacked, is there any hope for the small guy, or mom and pop? Okay, this is where we need to take a big deep breath. Yes, cyber crime is here to stay, but the good news is Security Best Practices can help businesses find gaps and bugs, fix vulnerabilities, and (hopefully) stay one step ahead of those pesky digital miscreants.
For starters, let’s tackle a paramount concept in systems security: the Information Security Management System, or ISMS. The easiest way to think of an ISMS is as a collection of information security policies and processes for your organization’s assets. (Readers who really want to geek out on ISMS can check out ISO 27001.)
Without a doubt, companies that are vigilant about building and maintaining their ISMS are building a strong base in security. In fact, taking a methodical approach to managing security, and using the basic building blocks of widely adopted global security approaches that make up an ISMS, will without exception help companies improve their overall security position.
It is crucial to understand that an ISMS in the cloud is built on the concept of “shared responsibility”. Many people may have heard of this term, but what does it really mean? Basically, “shared responsibility” means cloud providers are in charge of their data centers, and also liable for certain (often very limited) aspects of the performance of their products. Businesses are basically responsible for everything else. In other words, they are “solely responsible” for the confidentiality, integrity, availability and protection of their data. No wonder your CISSP friend keeps a roll of Tums handy in her desk.
One key to a robust ISMS is Identity and Access Management (IAM), defined loosely as the controls companies can configure to manage users and permissions. Fine-grained control of IAM allows security professionals to manage users and issue security credentials such as passwords, access keys, and permission policies that control access to services and resources.
“Even basic compute instances offer a set of flexible and practical tools for managing keys and providing industry-standard authentication,” indicates Brian Tunison - Director, Service Delivery & Design at cloud integrator RestonLogic. “We work with our clients to prioritize and leverage controls including monitoring, and bake those into their infrastructure, containers and abstracted services.”
But beyond IAM, bastion hosts can help businesses protect assets, manage access to resources, and secure data in the cloud. Another established layer of protection between the cloud and mission-critical systems is protecting data “at rest” or “in transit”, which can include data encryption, data integrity authentication, data signaling, timestamping and more. Additionally, advisor tools can offer snapshots of services, help security pros identify unintended misconfigurations, and even offer suggestions for improving system performance.
So what is the takeaway? Businesses just starting out may want to use a "phased" approach to building their ISMS. Also, factors change all the time, so it is good practice to frequently update and manage an ISMS. Lastly, conventional security and compliance concepts that work on premises (some of them decades old) will still probably apply in the cloud.
So the light you see at the end of the tunnel doesn’t have to be an oncoming train. Companies able to accurately identify the assets they need to protect, and devise technically and financially viable solutions to reduce security risks are going to be less attractive for the bad guys to target.
RestonLogic: Based in the Washington D.C. Metropolitan Area, RestonLogic is a cloud-systems integrator with over 10 years' experience building scalable, secure and cost-effective solutions.
Director, Service Delivery & Design
85 Broad St. NYC
This release was published on openPR.