The openness, decentralization and speed to market that makes cloud computing so compelling also makes security a prime issue for business that deploy cloud-based solutions, whether developed internally or sourced from external providers. Understanding and addressing the full impact and potential business risks associated with cloud delivery models is essential.
To help meet the need for a rigorous, comprehensive and objective review of your application security in a cloud model, IBM® Global Business Services® offers assessment solutions focused on identifying and addressing security and privacy risks associated with current cloud applications or cloud applications in development. The security implications of cloud computing can span every aspect of the organization, including processes, data, business and operating models.
From the point of view of the end user, cloud delivery models are transparent. But for the organizations that deploy applications and businesses processes through these delivery models, cloud solutions represent a fundamental shift in the way computing services are delivered. While cloud resources may exist entirely within the enterprise, often most or all are provided externally. That means there are new potential risks associated with access to sensitive data and systems. Consequently, a clear understanding of the following security risks within the application and business environment is critical for addressing the full scope of security and privacy issues1:
Assess your cloud security readiness with robust service offerings
IBM Application Security Services for Cloud delivers a security assessment designed to help you understand business risk by enabling you to not only examine your own security posture as it relates to the cloud, but those applications from service providers you are partnering, or considering partnering with. It can help you determine the right balance of internal control and service provider autonomy in order to strike a good balance between efficiency and service level while maintaining strong and consistent enforcement of security policies. The assessment focuses on identity and access management; data protection; auditing and monitoring; and legal, regulatory and privacy requirements.
Specific recommendations are developed that cover:
Only IBM can help you create new sources of business value with cloud through deep industry and strategy expertise combined with technology innovation that leads to rapid execution and return on investment. IBM has adopted cloud computing for significant parts of its own business, has made considerable and ongoing investments in security initiatives, and is able to transfer this knowledge and holistic approach of cloud security to its clients.
Cloud professional services from IBM Global Business Services are based on proven methodologies and best practices that help ensure consistent, reliable results. They also leverage the industry-leading IBM Cloud Reference Architecture and IBM Enterprise Security Architecture, and comprehensive frameworks that help to address enterprise cloud strategy, implementation and management in a holistic approach that maximizes the business value of cloud investments while minimizing business risk.
¹Cloud Computing: Benefits, Risks and Recommendations for Information Security, European Network and Information Security Agency, 2009