Account
Please wait, authorizing ...

Don't have an account? Register here today.

×

The Cloud: Between Myths and Truths (II)

Nube

We continue with the second part of this analysis, which addresses the topic of the cloud and develops concepts about the security and implementation of this kind of technological tools.

By Gigi Agassini, CPP*

In the first part of this article, published in the previous edition, we highlighted the birth of the cloud, its development, service models and some current concepts. Now it's time to look at the deployment models for cloud computing and the risks to be taken into account in the adoption of this technology.

As mentioned in the NIST (National Institute of Standards and Technology) definition, there are four deployment models for cloud computing:
1. Private cloud. In this deployment model, the cloud infrastructure is provisioned for use by a single organization, made up of many consumers, such as business units.

2. Public cloud. This cloud infrastructure is provisioned for open use by the public. The public cloud provider may offer a limited number of configuration options, such as data location, service and performance levels, backups, and disaster recovery.

3. Community Cloud. This cloud deployment model serves a community of consumers from organizations that share interests. It can be hosted and managed by a community member or by a third party.

4. Hybrid cloud. A hybrid cloud is simply a combination of two or more distinct cloud infrastructures (private, public, community) joined together to achieve data portability or processing between the element.



Although virtual private cloud is not specifically mentioned in NIST's list as a deployment model, there is the concept of virtual private cloud (VPC) that is worth defining. VPC is a set of resources allocated within a public cloud infrastructure, but with enough isolation from other public cloud users to mimic the characteristics of private cloud infrastructure.

Cloud Risks
While the cloud offers numerous benefits, it also comes with certain risks that organizations and individuals should be aware of when adopting this technology, including:
- Data security and privacy
- Availability and downtime
- Regulatory and legal compliance
- Data leaks and loss of control
- Unforeseen costs
- Vendor lockout
- Latency and throughput
- Governance and control

All of the above risks can be mitigated with proper planning and management, including carefully choosing cloud service providers, implementing robust security measures, and fully understanding the terms of the contract. However, there are still many doubts about the security offered by the cloud, which undermines confidence in it.

The truth is that cloud security refers to the layers of protection and measures that are implemented to safeguard data, applications, resources, their environment, certifications and all this will vary depending on the provider, type of service, among others. Let's not forget that cloud security is a shared responsibility between the cloud service provider and the customer.

But what about cloud and cybersecurity? So many reports that talk about the different cyberattacks and security breaches that only grow disproportionately worldwide, which generates many doubts and little confidence in the security of migrating to the cloud or starting this process.
Implementing a governance, risk, and compliance (GRC) program is sometimes thought of as bureaucracy that gets in the way of cybersecurity work, however, it helps lay the groundwork for meeting security goals.

The three components of cybersecurity (people, processes, and technology), with a programmatic and scalable approach, are essential, so an effective GRC program will help achieve the goal and ensure that a holistic view is taken in the never-ending mission of cybersecurity.
Although governance, risk, and compliance are often considered separate functions, there is a symbiotic relationship between them. The government sets the strategy and guardrails to meet the specific requirements that align and support the business. Risk management connects specific controls to governance and assessed risks, and provides business leaders with the information they need to prioritize resources and make informed decisions about risks. Compliance is the adherence and monitoring of controls to specific governance requirements and with continuous monitoring, the feedback loop regarding effective governance is closed. Security architecture, engineering, and operations are built on the foundation of GRC.

Without a GRC program, people tend to focus solely on basic technology and processes. The breadth and depth of a GRC program varies with each organization. Regardless of its simplicity or complexity, there are opportunities to transform or scale that program for the adoption of cloud services, emerging technologies, and other future innovations.

- Publicidad -



However, there are basic requirements that each part of the GRC program must meet, governance must identify compliance requirements, conduct program evaluation, and update and publish policies, processes, and procedures; While risk management should conduct a risk assessment using pre-established threat models that can help simplify the process of assessing risks, both initial and updating, it should draft risk plans, authorize systems, and incorporate risk information into decisions; Finally, compliance must monitor compliance with security policies, standards, and controls, continuously self-assess, respond to events and changes in risk, and communicate events and changes to risk.

Governance should be goal- and capability-based, including context risk in decision-making and automating monitoring and response.

Don't forget that the cloud has enabled emerging technologies such as the Internet of Things (IoT), large-scale data analytics, machine learning, and more, as time progresses, the cloud is likely to continue to evolve to address new challenges and opportunities in the world of technology and business.

He has helped companies and individuals convert infrastructure costs from a large capital expenditure, upfront, to a "pay-as-you-go" operating cost. It allowed many startups to take off quickly while reducing the amount of cash required to set up the initial infrastructure. Companies that adopt a cloud computing model will swap initial capital costs (CAPEX) for recurring operating costs (OPEX).

In short, cloud computing is an alternative to installing and maintaining the resources of your physical computing infrastructure. There are different service models and different deployment models, each of which meets a different set of requirements and constraints.

Cybersecurity and the cloud are inextricably linked in today's digital world. As more businesses and individuals adopt cloud services, it's critical to recognize the associated risks and opportunities. Implementing robust cybersecurity practices, such as multi-factor authentication, data encryption, and user awareness, is essential to ensuring the integrity and confidentiality of our data in this ever-changing environment. By embracing technological innovation and maintaining a proactive approach to cybersecurity, we can better protect our digital future in the cloud.

If you're still thinking about migrating to the cloud, do your research and learn about the providers, services, and security levels that meet the needs of your business, or you as an individual. Explore cloud solutions and start using them; It's always a good time to do it.
See you next time!

* Gigi Agassini, CPP
International Security Consultant
GA Advisory
[email protected]

Duván Chaverra Agudelo
Author: Duván Chaverra Agudelo
Jefe Editorial en Latin Press, Inc,.
Comunicador Social y Periodista con experiencia de más de 16 años en medios de comunicación. Apasionado por la tecnología y por esta industria. [email protected]

No thoughts on “The Cloud: Between Myths and Truths (II)”

• If you're already registered, please log in first. Your email will not be published.

Leave your comment

In reply to Some User
Suscribase Gratis
SUBSCRIBE TO OUR ENGLISH NEWSLETTER
DO YOU NEED A SERVICE OR PRODUCT QUOTE?
LATEST INTERVIEWS

Entrevista a Alex Salinas, de Bolide Technology Group

El Vicepresidente de Bolide, Álex Salinas, habló sobre la participación de la compañía en la Feria Internacional de Seguridad de Bogotá ESS+. El profesional realizó un balance tras el evento y nos contó cuáles fueron las soluciones que el fabricante global presentó en la ciudad de Bogotá.

Webinar: Para todas sus necesidades de seguridad

https://www.ventasdeseguridad.com/2... Para todas sus necesidades de seguridad Por: Eduardo Cortés Coronado, Representante Comercial en México - SECO-LARM USA INC Conozca la gama de productos más vendidos y de alta calidad de SECO-LARM que utilizan las empresas profesionales de seguridad, para así garantizar soluciones confiables y duraderas.

Webinar: Seguridad y transporte conectado: Sistemas predictivos para proteger y optimizar las rutas

https://www.ventasdeseguridad.com/2... Modera: Héctor Romero, Presidente de Círculo Logístico y Director General de TLR Logística Ponentes: Rafael Escobar, Channel Manager IoT/M2M Alai Secure León Rojas Madrid, CEO Lemad Logistics Jorge González, Commercial manager Telemetría de México Introducción y datos globales del mercado del transporte y la logística (México, Latam y Europa). Las nuevas tecnologías, con el objetivo de contribuir a la mejora de procesos y toma de decisiones, se abren paso para garantizar la seguridad de vehículos del transporte y la logística (telemetría y telemática vehicular, diseño y optimización de rutas…) Ir de la mano de un operador especializado en comunicaciones M2M/IoT como Alai Secure es clave para asegurar la estabilidad y disponibilidad del servicio y garantizar la conectividad durante toda la ruta.

Top 3 noticias más importantes de la industria de la seguridad electrónica

Entre los hechos destacados de esta semana se encuentra la realización de IntegraTEC México, el evento para integradores de tecnologías; así como la fusión empresarial de Milestone Systems con Arcules y la convocatoria para aspirar a las becas ofrecidas por el Foro SIA Mujeres en Seguridad. #Seguridad #SeguridadElectrónica #Videovigilancia #VentasDeSeguridad

Webinar: Inteligencia Artificial en NVR & Cámaras Enforcer

https://www.ventasdeseguridad.com/2... Tema: Inteligencia Artificial en NVR & Cámaras Enforcer Por: Eduardo Cortés Coronado, Representante Comercial en México - SECO-LARM USA INC Fecha: Martes 28 de mayo, 2024 Hora: 10.00H (Colombia) 09:00H (México) Conozca cómo sacar ventaja de las funciones de inteligencia artificial en NVR´S 4K & cámaras IP enforcer, disuación activa, reconocimiento facial, reconocimiento de matriculas vehiculares, salidas alarma etc.
Load more...
SITE SPONSORS










LATEST NEWSLETTER
Latest Newsletter