Real-World Cloud Computing
Best Practices to Ensure Security in the Private Cloud
A private cloud environment significantly reduce risks by providing secure, multi-layer segmentation of client access and data
Dec. 31, 2013 07:15 AM
As regulatory oversight across the financial landscape continues to drive greater transparency and stricter penalties, outsourcing to the private cloud has become an integral resource for hedge fund and private equity managers. Cloud infrastructure services are now synonymous with increased efficiency, decreased costs and added security. However, security in particular remains a key concern for many financial services firms. The costs a cloud services provider can incur in dealing with a security breach, both financially and to its reputation, can be devastating.
Infrastructure providers, particularly those catering to financial services firms such as hedge funds, must have strict policies in place and employ best practices to ensure that their clients receive the same level of security as they would achieve with an on-site network. While most participants in the financial services industry are familiar with the benefits that cloud computing offers in terms of efficiency, scalability and cost savings, two of the features that seem to be forgotten are increased security protection and risk mitigation.
The key differentiator between launching an in-house network as opposed to outsourcing to a hosted services provider is that service providers offer economies of scale that enable them to deploy institutional strength security services to ensure the client's environment is protected and secure. A large portion of spending by cloud providers goes directly into measures that ensure the highest levels of security and data protection. This will typically include services such as advanced intrusion detection, traffic monitoring, forensic analysis and incident history/investigation. These systems and processes can range into the hundreds of thousands and even millions of dollars in some cases. Therefore they are usually not deployed by a hedge fund or private equity firm's in-house IT staff.
One of the major advantages of a private cloud environment is that it can significantly reduce risks by providing secure, multi-layer segmentation of client access and data. When examining cloud providers, financial service firms should keep in mind a few key factors. The first factor is the location of your data. Clients will always have questions about where their data is being stored, who can gain access to it and how it is secured from being accessed. This may be the most important factor for cloud computing providers, but it is also something that is commonly overlooked when potential clients are reviewing data security. Most data breaches do not take place via cyber-attacks, but instead they will occur when hard disks or backup tapes are misplaced or stolen. A common best practice backup procedure for an on-site server is to rotate the tapes off-site.
Consideration must also be given to the concept of physical servers versus a shared environment. In a service provider's data center, multiple companies will share services on the same infrastructure, which in some cases may raise a red flag in the mind of a CFO or CTO. When resources in a data center are shared, security and segregation must be guaranteed at every layer, from the server to the network to the storage.
Network is the next factor that must be considered. Methods such as data encryption - where files may be encrypted prior to transmission - can prevent data from being used should it be compromised at any point during transmission. The hosted service provider is responsible for supplying the firm with a storage solution that provides secure data segmentation and enables rapid resource allocation. The hosted storage provider should provide high data availability and disaster recovery, particularly after what Wall Street firms experienced during Hurricane Sandy in October 2012. Service providers must also be able to offer data replication for off-site backup and archiving in the case of an emergency. Protecting the firm against all possible natural disasters and intrusions is now a major deciding factor for financial decision-makers.
Another factor that is now emerging as a standard business practice due to the amount of executives that are constantly on the go is the management of mobile devices. In today's fast-paced business environment, mobile devices essentially serve as an extension of a firm's offices, so they should be incorporated into all security measures. A service provider should take the necessary steps to actively manage these resources, including implementing and managing a password policy and being able to remotely wipe the device's memory of all information if it is lost /stolen.
The bottom line is that companies considering a move to the private cloud need assurance that service providers offer security standards and best practices that are better than what they can received from on-site or internal technology services. By taking into consideration the various components discussed throughout this piece, firms can ensure up front that a service provider has taken the necessary steps to provide a robust and secure platform environment for their business technology.
Reader Feedback: Page 1 of 1
SOA World Latest Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week