5. Watch Out for Additional Services
A common gotcha is the additional vendor services that sit on top of Amazon or Azure storage. A large number of vendors piggyback on these storage services with added features or tools, and any data you send through them passes through the vendor's own systems as well as the cloud provider's. Many of these vendors are certified, but not all.
“Make sure any additional services you use on top pursue their own security certifications and attestations to protect data at rest and in motion,” said Bloom. “This will allay fears and give people comfort in sending data through a SaaS-based service.”
6. Use Cloud Security Services
A compilation of a year's worth of data generated and analyzed from more than one thousand Sumo Logic customers running apps and infrastructure on AWS (The State of Modern Applications in AWS) found that security was the number one priority among those heavily invested in the public cloud. Yet many of these customers were not using the existing services that would make their applications and storage more secure in the public cloud.
For example, only 50 percent were leveraging AWS CloudTrail for primary security audits.
“This service will provide visibility into all user actions on AWS,” said Bloom. “Lack of visibility into cloud operations and controls stands as the largest security issue.”
7. Turn on Logging
Bloom also advised users to turn on logging within AWS. More specifically, enable Amazon CloudWatch Logs and send the logs from all your systems to it, so that they are retained and monitored in one place rather than left on individual instances.
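The two recommendations above (use CloudTrail, and get logs into CloudWatch) are easy to believe you have followed and hard to confirm without looking at the trail configuration. The following is an added example, not code from the article or from any of the vendors quoted in it: a small audit that takes the trail list and trail status in the shape returned by boto3's `cloudtrail.describe_trails()` and `cloudtrail.get_trail_status()` and reports where the account falls short. The two trails and their status records are constructed sample data, so the script runs offline; in practice you would pass in the live API responses. The log file validation check goes slightly beyond what the article says, since it guards the integrity of the logs rather than their existence.

```python
"""Audit CloudTrail / CloudWatch Logs posture from describe_trails and
get_trail_status output.  Added example, not part of the original article.
Input below is a constructed sample shaped like the boto3 responses, so it
runs without AWS credentials."""

from typing import Dict, List

# Constructed sample: what boto3's cloudtrail.describe_trails()["trailList"]
# and cloudtrail.get_trail_status(Name=...) return for two hypothetical trails.
SAMPLE_TRAILS = [
    {
        "Name": "org-trail",
        "S3BucketName": "example-cloudtrail-logs",
        "IsMultiRegionTrail": True,
        "IncludeGlobalServiceEvents": True,
        "LogFileValidationEnabled": True,
        "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/org:*",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail",
    },
    {
        "Name": "legacy-trail",
        "S3BucketName": "example-old-logs",
        "IsMultiRegionTrail": False,
        "IncludeGlobalServiceEvents": False,
        "LogFileValidationEnabled": False,
        "TrailARN": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/legacy-trail",
    },
]
SAMPLE_STATUS = {
    "org-trail": {"IsLogging": True},
    "legacy-trail": {"IsLogging": False, "LatestDeliveryError": "AccessDenied"},
}


def audit_trail(trail: Dict, status: Dict) -> List[str]:
    """Return findings for one trail; an empty list means it meets the bar."""
    name = trail.get("Name", "<unnamed>")
    findings = []
    # A trail that exists but is stopped records nothing at all.
    if not status.get("IsLogging", False):
        findings.append(f"{name}: trail exists but logging is stopped")
    # Delivery errors mean events are being dropped on the way to S3.
    if status.get("LatestDeliveryError"):
        findings.append(f"{name}: last S3 delivery failed ({status['LatestDeliveryError']})")
    # "All user actions" requires every region, not just the trail's home region.
    if not trail.get("IsMultiRegionTrail", False):
        findings.append(f"{name}: single-region trail; activity in other regions is not recorded")
    # IAM, STS and CloudFront events only arrive if global service events are on.
    if not trail.get("IncludeGlobalServiceEvents", False):
        findings.append(f"{name}: global service events (IAM, STS, CloudFront) are not recorded")
    # Without CloudWatch Logs delivery there is nothing to alert on in near real time.
    if not trail.get("CloudWatchLogsLogGroupArn"):
        findings.append(f"{name}: not delivered to CloudWatch Logs, so no near-real-time alerting")
    # Digest files let you prove delivered log files were not modified afterwards.
    if not trail.get("LogFileValidationEnabled", False):
        findings.append(f"{name}: log file validation off; tampering with delivered logs is undetectable")
    return findings


def audit_account(trails: List[Dict], statuses: Dict[str, Dict]) -> Dict[str, List[str]]:
    """Audit every trail and flag an account with no actively logging multi-region trail."""
    report = {t["Name"]: audit_trail(t, statuses.get(t["Name"], {})) for t in trails}
    covered = any(
        t.get("IsMultiRegionTrail") and statuses.get(t["Name"], {}).get("IsLogging")
        for t in trails
    )
    if not trails:
        report["<account>"] = ["no CloudTrail trail configured; user actions are not recorded"]
    elif not covered:
        report["<account>"] = ["no multi-region trail is actively logging"]
    return report


if __name__ == "__main__":
    for trail_name, findings in audit_account(SAMPLE_TRAILS, SAMPLE_STATUS).items():
        print(trail_name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Run against the sample, `org-trail` comes back clean and `legacy-trail` produces six findings, including the stopped trail and the failed delivery; the account-level check passes only because the multi-region trail is still logging. Swapping the sample for live API output turns this into a check you can run on a schedule.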
Certain industries require specific compliance and certifications, such as HIPAA for healthcare-related applications and PCI DSS for financial transaction processing. Even for applications that are not governed by mandatory compliance standards, business needs and internal policies require a strong focus on security.
“Designing and certifying a compliant application stack from the infrastructure up can be a tedious process,” said Mohan. “Activities such as penetration testing and arranging independent certification reviews can take time away from the core focus of the application.”
He said Amazon's cloud infrastructure is designed and certified for a number of commonly used compliance and audit standards, making it easier and faster for end users to build, certify and run their own compliant applications on AWS. Among the list of certifications and audits supported are PCI DSS Level 1, SOC reports and ISO 9001.
9. Be Aware of Geographic Issues
Regional and national differences bring complexity into the security picture. Germany, for example, has very strict rules about customer data leaving its borders.
“Understand which region or which legislation your data is located in as well as whether you can move it at all,” said Goran Garevski, vice president engineering at Comtrade Software. “Some countries and verticals have specific information management regulations.”
10. Bring it Back
Just because you move data to the cloud doesn’t mean it has to always stay there. The IDG survey discovered that nearly 40 percent of those using public cloud storage have brought some workloads back in-house. Why? The top reasons for abandoning public cloud deployments are security (55 percent) and cost (52 percent) concerns, followed by manageability, reliability/performance, lack of flexibility/customization, support/service issues, and concerns about the level of control over resources or data.
By following the guidance our experts offer above, however, it may not be necessary to bring too many workloads back into the enterprise.