By Jan De Clercq
Cloud computing is highly appealing to today’s organizations. It offers cost savings to the business as well as elasticity, scalability, and flexibility to IT operations. But, at the same time, cloud computing also brings new challenges. Putting organizational computing resources and data in a converged cloud can create an attractive new target for hackers.
The cloud’s virtualization technology and the sharing of resources it enables create a security. IT must therefore adapt its approach to security, modeling it to the unique challenges of the cloud. Security for a converged cloud age should be information-centric, instead of perimeter-based; built in, instead of bolted on; adaptive, instead of static; and risk-based and proactive, instead of reactive.
To successfully transition to the cloud, organizations must evaluate numerous risks and manage them over time. These risks include the security of client access devices, the security and availability of cloud servers, the extension of identity and access management into the cloud, and security and compliance management in the cloud.
Organizations should focus on a set of five key security processes to secure their converged cloud environment.
- Secure virtual machine lifecycle management
- Secure service aggregation and cloud bursting
- Secure data lifecycle management
- Secure universal remote access
- Secure federated identity and access management
I will discuss each of these key security processes in individual blog posts, starting with secure virtual machine lifecycle management. This is not an exhaustive list of the security processes that are needed to securely operate and maintain a converged cloud environment. I selected these five processes because organizations do not always pay the same level attention to them as they do for other classical security management-related processes such patch, change, incident, compliance management and so on.
To help organizations secure their converged cloud, HP Technology Consulting offers Cloud Protection services, which are designed to assist organizations wherever they are in the journey to the cloud. We can help assess cloud-specific risks, lay out a roadmap for cloud security, assist with the design of a secure cloud, or simply mature the security and operational readiness of an organization’s cloud operating environment.
Update! here are the links to my "Cloud Security" series of articles:
- Part 1/VM Image Lifecycle: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
- Part 2/Service Aggregation and Cloud Bursting: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
- Part 3/Secure Virtual Machine Lifecycle Management: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
- Part 4/Secure Universal Remote Access: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
- Part 5/Secure Federated Identity Management: Enable 5 Key Security Processes to Protect a Converged Cloud (link)
- Read this white paper to learn more about handling security risks in the cloud: "5 Cloud Security Concerns You Must Address"
- See what's happening around cloud computing at HP Discover 2012
- Learn more about HP's Cloud Protection Services
- Find out more about other HP Cloud Consulting Services
- Listen to Jan's podcast about cloud security, identity and access management, mobility security, and security for Microsoft platforms and solutions: podcast.
Jan De Clercq is a solution architect with HP's worldwide HP Technology Consulting IT assurance portfolio team. He focuses on cloud security, identity and access management, mobility security, and security for Microsoft platforms and solutions.