In the previous part of this article, we discussed perimeter security, multi-layered cleansing, and encryption. In this part of the article, we shall look at other facets of Cloud security that you must look into and question.
Does the Cloud software log events for future reference? Take a look at the logs that are maintained by the system. Logs record all network events and all the intrusions that have been attempted, whether they failed or succeeded. If you are investigating an intrusion, the log is the first place you will start. Since most devices send log information in their own unique format (making interpretation tedious), check whether your Cloud service's logging system automatically, quickly and efficiently translates all the disparate data feeds into meaningful formats for your consumption.
But each of the tools discussed above is an individual tool that reports on individual events. How does the Cloud service integrate these disparate reports and seemingly unrelated events? How does the service provide situational context to the intrusion detection process? Analytical reporting is a desirable feature in a Cloud service. Check whether your Cloud service gives you this facility. Are the dots connected and threats linked and highlighted so that you can identify and stop security breaches?
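The two capabilities asked about above, translating disparate feeds into one format and then linking seemingly unrelated events, can be illustrated with a short added example (not from the original article). The log formats, field names and the correlation rule are assumptions, and the log lines are constructed samples.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample feeds: a firewall emitting key=value text, an auth service emitting JSON.
FIREWALL = [
    "2024-05-01T10:00:01Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-05-01T10:00:09Z fw01 action=allow src=203.0.113.7 dst=10.0.0.5 dport=443",
    "2024-05-01T10:03:00Z fw01 action=deny src=198.51.100.9 dst=10.0.0.5 dport=23",
]
AUTH = [
    '{"ts": 1714557615, "event": "login_failed", "ip": "203.0.113.7", "user": "admin"}',
    '{"ts": 1714557620, "event": "login_failed", "ip": "203.0.113.7", "user": "admin"}',
    '{"ts": 1714557630, "event": "login_ok", "ip": "203.0.113.7", "user": "admin"}',
    '{"ts": 1714557700, "event": "login_ok", "ip": "192.0.2.44", "user": "alice"}',
]
KV = re.compile(r"(\w+)=(\S+)")

def norm_firewall(line):
    """Map a key=value firewall line onto the common schema."""
    ts, host, rest = line.split(" ", 2)
    kv = dict(KV.findall(rest))
    return {"time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "source": host, "src_ip": kv["src"], "kind": "net_" + kv["action"]}

def norm_auth(line):
    """Map a JSON auth record (epoch seconds) onto the common schema."""
    rec = json.loads(line)
    return {"time": datetime.fromtimestamp(rec["ts"], tz=timezone.utc),
            "source": "auth", "src_ip": rec["ip"], "kind": rec["event"]}

def normalize():
    events = [norm_firewall(l) for l in FIREWALL] + [norm_auth(l) for l in AUTH]
    return sorted(events, key=lambda e: e["time"])

def correlate(events, window=timedelta(minutes=5)):
    """Flag IPs with a firewall deny and >=2 failed logins shortly before a successful login."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        for ok in (e for e in evs if e["kind"] == "login_ok"):
            recent = [e["kind"] for e in evs
                      if timedelta(0) <= ok["time"] - e["time"] <= window]
            if "net_deny" in recent and recent.count("login_failed") >= 2:
                alerts.append(ip)
                break
    return alerts

if __name__ == "__main__":
    print(correlate(normalize()))
```

No single feed raises the alert on its own: the firewall sees one blocked probe and the auth service sees a login that eventually succeeds, so the link only appears once both are in the same schema.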
Finally, ask your Cloud vendor about provisioning of proactive and predictive tools.
Proactive tools will help you identify application vulnerabilities, provide you with threat intelligence, mitigate IT governance risk and facilitate compliance. These tools proactively and automatically scan the applications for vulnerabilities (even when the application is custom developed) and quickly gather information about weaknesses that can result in the compromise of the application or the system as a whole. Administrators can then design patches and actively secure the perimeter of the application even before attacks threaten the organization’s systems.
Predictive tools use advanced analytics to identify patterns of attacks and potential threats to the system from external data. These tools help the organization take the offensive. Sophisticated hackers and disgruntled employees can be kept at bay. This can be a powerful and effective means of securing the digital perimeter, especially where financial services are involved.
As indicated at the start of the previous article, these questions are but starters. CIOs embarking on a security system analysis must delve deep into each of these areas and continue to ask the right questions and obtain the right answers. While the exercise can be long-drawn and painful, it will save the organization time, money and reputation in the long run. It may even save the business!