Security by Design It’s all in the cloud with no hardware involved
BWy Ben Rowe
e know by now that there is an abundance of business advantages in the cloud — it’s agile and cost-efficient, and, with little to no hard- ware maintenance, it’s easier to update and per- form maintenance on than traditional on-site
of time dedicated to completing risk assessments. Risk assessments enable a manufacturer to eliminate possible failures and reduce the impact of the ones that are likely to place regardless of preparation.
As cloud services have matured, protection of privacy has become a risk that cannot be ignored. Assessments can identify sensitive in- formation that is used and stored by the product. With this knowl- edge, manufacturers can better prepare a product in development and identify potential focus points when utilizing third party pen testers.
Choosing the Right Provider
Another aspect that is crucial to building a secure cloud-based solu- tion is determining the characteristics required for a cloud provider. Cloud-based security use cases generally include the transmission of large amounts of data, so storage is a major factor to consider. The amount of data being generated today is staggering: According to IDC, 41.6 billion Internet of Things (IoT) devices will generate 79.4 zettabytes of data in 2025. most of it from video surveillance. As a result, cloud providers must be able to provide adequate storage for these applications that collect large amounts of data.
With so much data, data loss prevention (DLP) services are re- quired to help ensure data is not being moved without your knowl- edge. Some providers are able to provide this for an additional fee. Depending on the data stored, this may be worth the investment.
Many virtualization technologies exist and are scriptable, provid- ing the immutable infrastructure which can help teams on multiple levels with disaster recovery and more if an infrastructure issue is
servers. Cloud architecture is built to scale with processing and stor- age needs, meaning organizations can scale up (or down) as needed, and without the concern of outdated software or hardware.
But building a cloud-based service takes time and forward-think- ing innovation. After all, the security of the cloud has long been called into question. As more and more customers demand cloud- based services for their businesses—and discover the advantages they provide—it is critical for end users and integrators to understand how these solutions can, and must, be built with security in mind every step of the way.
Architecture and design play a large role in determining how to properly use and update security protocols. Many companies, in- cluding Arcules, have adopted the concept of “security by design,” whereby from day one, the security of the solution is considered and kept at the forefront throughout the entire process. For a cloud-based service, this method of oversight is critical as the data is typically transmitted over the internet. There are a number of ways to establish security by design within the product lifecycle.
Risk Management
At the beginning of the lifecycle process, there’s a significant amount
22
0919 | SECURITY TODAY
CLOUD SECURITY
Siberian Art/Shutterstock.com