siliconindia logo
CIO City >>  Expert  >>  

Radhakrishnan Vijayakumar

"Cloud as a concept is wonderful. Its success in an environment is dependent on large number of factors"

Use And Implementation Of Cloud In Business
Information Security strategy is to be tailored based on organizational business specific model and aligned to the underlying infrastructure and application base. It should be the driving factor and not a hindrance to business. Having said that, foremost component of its success will come up post a detailed study of (to name a few):
• Geographical spread of the business
• Business model
• Sectors catered
• Operating model (Internal / outsourced / hybrid)
• Infrastructure (On premise / IAAS / hybrid)
• Application (Internal / SAAS)
• Employee maturity model and awareness
• End user device form factor

With all this, the right security strategy will evolve and help build the policy and framework to create a secure business IT architecture.

Cloud as a concept is wonderful. Its success in an environment is dependent on large number of factors (though here I concentrate on access):
• Network capability of the organization
• Connectivity across locations serviced
• Last mile efficiency and efficacy
• Mobile access limitation
• Remote location accessibility

Completely urban business may succeed, with the given strength of the technology we have. However, with the current scenario, we need to evolve before we reach there for implementation spread in rural environment.

From the authentication perspective, the access granting process, session maintenance need to be stringent preferably with multi-factor authentication technique for critical application accesses. Access provisioning and de-provisioning process should be subject to periodic review.

All applications and databases hosted in cloud environment, irrespective of its criticality should be subject to application security testing and should undergo such test and fix after every enhancement / change process.

Network application and database should be monitored at all times for exception with proper alerting mechanism to all the stakeholders. The stakeholder action plan to meet the unexpected should be created, tested and exercised for known knowns and known unknowns. Well, still there might be unknown unknowns which will always pour in surprises.