Do You Know How To Lock Down A Cloud?

A Cloud Is No Good If You Can't Lock It…
A Cloud Is No Good If You Can’t Lock It…

Everybody loves the cloud. Or at least that’s pretty much how it seems if you’ve pick up any of the IT trade rags in the past 18 months. They are filled with articles talking about how the cloud is going to save IT departments tons of money and how it’s the next great thing. Well, not all CIOs are convinced of this and considering some of the humongous security issues that are popping up, you might want to rethink some of your cloudy thoughts…

That Darn Security Thing Wrecks Everything

Cloud computing is currently the NST in IT (that’s “New Shiny Thing”) and because of that a lot of organizations are making the leap and moving their mission critical applications into the cloud as fast as possible. Their motivation for doing this is because of the proven cost savings that cloud computing can offer to an IT department.

A study by Mimecast shows that 70% of CIOs who are already using clouds are planning on moving additional applications into the cloud during the upcoming year. The problem with this plan is that another study, this one by Cenzic, shows that 75% of cyber attacks are targeting internet applications. These attacks work just as well against a cloud based IT infrastructure as they do against today’s dedicated IT infrastructure.

How To Lock Down Your Cloud

This, of course, leads to the question of just exactly what a CIO should do. Clearly we’re all going to move into the cloud over time; however, what should we be doing to prepare for this move into an unsecured land?

The very first thing that a CIO needs to be doing is to be ensuring that all applications that are coming out of the IT department are being developed to security standards that are being enforced. This can include performing penetration testing and doing code scanning for known vulnerabilities.

Additionally, since your applications will be running in somebody else’s IT environment, you need to take the time to make sure that that environment is going to be secure. This means that you need to work wording into your service level agreements (SLAs) with your cloud providers that will ensure that they will do everything possible to protect your applications while they are running in the cloud.

What All Of This Means For You

Every CIO has to face reality: cloud computing is upon us. The financial benefits of switching from a dedicated IT infrastructure to a cloud-based infrastructure are so incredibly obvious that you won’t be keeping your CIO job for long if you don’t come up with a transition plan.

What too many CIOs appear to be overlooking is that the switch to cloud computing does not make your existing security problems go away. In fact it may actually add to your IT security challenges. To deal with this you need to implement secure coding standards and ensure that you have solid service-level agreements with your cloud vendors.

By itself, a cloud is not a bad thing. The problem is that it is a fat, juicy target for those people who want to do harm to your IT infrastructure. This means that as CIO you need to be sure to look before you leap and make sure that you’ve locked down your cloud before you make the big switch.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: Do you think that the benefits of cloud computing can be achieved if you use a private cloud?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.
P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

‘Tis the time of year that my CIO customers are starting to get itchy to try new things. The kids are out of school and greener pastures beckon. They keep asking me where they should be looking for their next CIO job. Is there any industry that will truly appreciate the value that a skilled CIO can bring to the job? It turns out that the answer is yes and right now I’m recommending one industry in particular: energy companies.