2. Use encryption.
This time, it’s not just me advocating encryption! During his Judiciary Committee presentation, Gen. Alexander indicated encryption is one of the technologies they will employ to add further security to the NSA infrastructure.
When you look at your cloud initiatives, especially if they involve use of the public cloud, make sure you are building in the appropriate security measures. Encryption, as long as it is properly implemented and includes a scalable, secure key management system that you control (not your cloud service provider), is one of the best methods to ensure data privacy.
As I have discussed in previous blogs, one of the many advantages of encryption is that it essentially makes the default state of your data secure. This means that you can build a security program from the inside out, rather than from the outside in, starting with what you are trying to protect in the first place: your data.
Best practices for preventing insider threats in the cloud
Using administrative control and data encryption in tandem can go a long way to preventing the kinds of threats we’ve witnessed with Snowden and other ‘insider’ incidents.
Consider defining a group of administrators who will be responsible for your virtualized infrastructure, and make sure you have appropriate 2-factor authentication, access controls, policies and monitoring to define and enforce acceptable behavior. The administrators who manage your encryption policies should ideally be a different set of people. For example, the owners of the databases where sensitive information is held can use encryption to prevent any VM administrator from ever being able to access the data.
Once you have locked down your admin control and your data, the next step on your path to a secure cloud may involve building a root of trust down to the hardware level. For example, today it’s possible to define known good hosts using Intel’s TXT technology. Imagine if you could tag your sensitive VMs and ensure that they only run on specified hosts, and within a specific geo-location.
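As an added illustration (not code from this post or from any vendor), here is one way such a placement rule could be audited: sensitive VMs must sit on attested hosts that are on their allowed list and in a permitted location. The `Host` and `VM` records, the `attested` and `geo` fields, and the inventory are hypothetical; the attestation verdict is assumed to come from whatever service verifies the host's measured launch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    attested: bool  # assumed input: verdict of a measured-launch attestation check
    geo: str        # assumed input: geo tag provisioned for the host

@dataclass(frozen=True)
class VM:
    name: str
    sensitive: bool
    allowed_hosts: frozenset = frozenset()  # empty set: any attested host
    allowed_geos: frozenset = frozenset()   # empty set: any location

def violations(vm, host):
    """Reasons this VM may not run on this host; an empty list means allowed."""
    if not vm.sensitive:
        return []
    if host is None:  # fail closed: the host is missing from the inventory
        return ["host unknown to inventory"]
    reasons = []
    if not host.attested:
        reasons.append("host not attested as known good")
    if vm.allowed_hosts and host.name not in vm.allowed_hosts:
        reasons.append("host not on the VM's allowed list")
    if vm.allowed_geos and host.geo not in vm.allowed_geos:
        reasons.append("host outside permitted geo-location")
    return reasons

def audit(placements, vms, hosts):
    """Check current VM-to-host placements, e.g. after a migration."""
    by_name = {h.name: h for h in hosts}
    report = {}
    for vm in vms:
        found = violations(vm, by_name.get(placements.get(vm.name)))
        if found:
            report[vm.name] = found
    return report

# Constructed sample inventory, not real hosts or VMs.
HOSTS = [Host("esx-a", True, "US"), Host("esx-b", False, "US"), Host("esx-c", True, "DE")]
VMS = [
    VM("payroll-db", True, frozenset({"esx-a", "esx-b"}), frozenset({"US"})),
    VM("hr-db", True, allowed_geos=frozenset({"US"})),
    VM("web-01", False),
]
PLACEMENTS = {"payroll-db": "esx-b", "hr-db": "esx-c", "web-01": "esx-b"}

if __name__ == "__main__":
    for name, why in audit(PLACEMENTS, VMS, HOSTS).items():
        print(name, "->", "; ".join(why))
```

Running the audit on current placements, not only at scheduling time, catches a sensitive VM that was migrated onto a host that has since failed attestation or sits in the wrong location.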
I believe this level of control and visibility will make all cloud infrastructures dramatically more secure, paving the way to even greater adoption. What steps will you take in 2014 to secure your cloud?