Cloud Security Framework

A cloud security framework is a series of documented processes used to define policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment. Such a framework is a reference model for building an information security strategy that manages risk and reduces vulnerabilities.

Examples of traditional security frameworks are the ISO 27000 series and the NIST SP 800 series.

Whilst it's true that many facets of enterprise security concerns carry forward into the cloud context, there are many new elements of risk and control to be considered and managed.

Take, for example, the comparison between your new virtual data centre in the cloud and a traditional data centre facility with its fences, barriers, security guards and CCTV. Of course, the physical hardware hosting your virtual data centre still resides within a secure, well-managed data centre, but your virtual data centre itself is governed and marshalled by a set of publicly accessible APIs and a web-based management portal, and you must take responsibility for securing these.

In the worst case, should a set of full-access privileges fall into the hands of a malicious party, your entire business operation could be eradicated with a single script: servers and databases stopped and deleted, public services and security appliances terminated, backups and archives destroyed. For an anecdotal account evidencing this risk, take a look at this article: Hacker puts hosting service 'code spaces' out of business