Cloud models for reducing security risks

Cloud computing has given rise to new and varied security risks, challenging organizations in every sector to understand the risks and develop a holistic IT security policy that takes into account the cloud dimension. In my first blog on this topic, I shared some of the different types of cloud security risks that emerge from cloud services themselves, the data involved in their delivery, accessing cloud services and the unique compliance issues involved with cloud computing.

This follow-up blog focuses on the solutions and expertise required to ensure cloud security. Although it would be impossible to ever fully remove 100 percent of the risk of using cloud services, there are a number of approaches that can effectively manage and mitigate these risks. Two of these key approaches are outlined below. 

• Hybrid cloud model: This type of model involves using a mix of public and private clouds, and its adoption is on the rise. The hybrid model allows private, more secure clouds to be used for typical, day-to-day infrastructure activities, while providing the flexibility of hosting other applications within the public cloud to support pay-as-you-go models and other public cloud benefits.

  Sensitive data can remain stored within the private cloud infrastructure, and any data that needs to be transferred to the public cloud can be stripped of sensitive information before transfer. A number of mechanisms to support this, such as tokenization and encryption, already exist.

• Cloud brokerage/federation model: Many organizations are increasingly realizing that, to fulfil their cloud needs, they need to procure multiple cloud services from multiple providers. As a result, these organizations are starting to look toward the cloud brokerage/federation model to manage the consumption of multiple cloud services. This model provides a single pane of glass view of both cloud providers and consumed services.

  While the value of the multi-cloud services model is increasing, the model poses challenges around identity access management and the efficient on-boarding and off-boarding of users from multiple cloud services. Cloud access security brokers (CASB) and security-as-a-service solutions aim to address these challenges. CASBs act as an intermediary between end users and the cloud services themselves and function as security enforcement, combining and interjecting enterprise security policies as the cloud-based services are accessed.

The challenges around cloud security are complex but not insurmountable. Organizations should ensure they have the right model and supporting infrastructure in place to meet their security needs and comply with industry requirements. As the number of cyber threats and attacks continue to increase rapidly, the need to continually monitor systems and respond in real time also is critical.

CGI's cloud security and consulting services and solutions, such as CGI Unify360, help clients across all industries manage their cloud security needs—from compliance and audits to policies and architecture—without the high costs of ownership. Contact us if you have any cloud security issues you’d like to discuss.