Welcome!

SDN Journal Authors: Yeshim Deniz, Liz McMillan, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Best Practices to Ensure Security in the Private Cloud

A private cloud environment significantly reduce risks by providing secure, multi-layer segmentation of client access and data

As regulatory oversight across the financial landscape continues to drive greater transparency and stricter penalties, outsourcing to the private cloud has become an integral resource for hedge fund and private equity managers. Cloud infrastructure services are now synonymous with increased efficiency, decreased costs and added security. However, security in particular remains a key concern for many financial services firms. The costs a cloud services provider can incur in dealing with a security breach, both financially and to its reputation, can be devastating.

Infrastructure providers, particularly those catering to financial services firms such as hedge funds, must have strict policies in place and employ best practices to ensure that their clients receive the same level of security as they would achieve with an on-site network. While most participants in the financial services industry are familiar with the benefits that cloud computing offers in terms of efficiency, scalability and cost savings, two of the features that seem to be forgotten are increased security protection and risk mitigation.

The key differentiator between launching an in-house network as opposed to outsourcing to a hosted services provider is that service providers offer economies of scale that enable them to deploy institutional strength security services to ensure the client's environment is protected and secure. A large portion of spending by cloud providers goes directly into measures that ensure the highest levels of security and data protection. This will typically include services such as advanced intrusion detection, traffic monitoring, forensic analysis and incident history/investigation. These systems and processes can range into the hundreds of thousands and even millions of dollars in some cases. Therefore they are usually not deployed by a hedge fund or private equity firm's in-house IT staff.

One of the major advantages of a private cloud environment is that it can significantly reduce risks by providing secure, multi-layer segmentation of client access and data. When examining cloud providers, financial service firms should keep in mind a few key factors. The first factor is the location of your data. Clients will always have questions about where their data is being stored, who can gain access to it and how it is secured from being accessed. This may be the most important factor for cloud computing providers, but it is also something that is commonly overlooked when potential clients are reviewing data security. Most data breaches do not take place via cyber-attacks, but instead they will occur when hard disks or backup tapes are misplaced or stolen. A common best practice backup procedure for an on-site server is to rotate the tapes off-site.

Consideration must also be given to the concept of physical servers versus a shared environment. In a service provider's data center, multiple companies will share services on the same infrastructure, which in some cases may raise a red flag in the mind of a CFO or CTO. When resources in a data center are shared, security and segregation must be guaranteed at every layer, from the server to the network to the storage.

Network is the next factor that must be considered. Methods such as data encryption - where files may be encrypted prior to transmission - can prevent data from being used should it be compromised at any point during transmission. The hosted service provider is responsible for supplying the firm with a storage solution that provides secure data segmentation and enables rapid resource allocation. The hosted storage provider should provide high data availability and disaster recovery, particularly after what Wall Street firms experienced during Hurricane Sandy in October 2012. Service providers must also be able to offer data replication for off-site backup and archiving in the case of an emergency. Protecting the firm against all possible natural disasters and intrusions is now a major deciding factor for financial decision-makers.

Another factor that is now emerging as a standard business practice due to the amount of executives that are constantly on the go is the management of mobile devices. In today's fast-paced business environment, mobile devices essentially serve as an extension of a firm's offices, so they should be incorporated into all security measures. A service provider should take the necessary steps to actively manage these resources, including implementing and managing a password policy and being able to remotely wipe the device's memory of all information if it is lost /stolen.

The bottom line is that companies considering a move to the private cloud need assurance that service providers offer security standards and best practices that are better than what they can received from on-site or internal technology services. By taking into consideration the various components discussed throughout this piece, firms can ensure up front that a service provider has taken the necessary steps to provide a robust and secure platform environment for their business technology.

More Stories By Viktor Tadijanovic, CTO, Abacus Group LLC

Viktor Tadijanovic is a Founding Member & CTO of the Abacus Group. He is the principal architect for Abacus's Hosted IT Platform. Previously, he was a Senior Systems Architect at the Gerson Lehrman Group (GLG). Prior to GLG, he was a Technical Director at Eze Castle Integration where he was responsible for managing technology delivery to all hedge fund clients in New York City and Connecticut. Viktor possesses accreditations from NetApp, Cisco, VMware, Citrix and Microsoft. He received a degree in Network Engineering and Data Communications from the Chubb Institute in New York.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a member of the Society of Information Management (SIM) Atlanta Chapter. She received a Business and Economics degree with a minor in Computer Science from St. Andrews Presbyterian University (Laurinburg, North Carolina). She resides in metro-Atlanta (Georgia).
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. His expertise is in automating deployment, management, and problem resolution in these environments, allowing his teams to run large transactional applications with high availability and the speed the consumer demands.
The technologies behind big data and cloud computing are converging quickly, offering businesses new capabilities for fast, easy, wide-ranging access to data. However, to capitalize on the cost-efficiencies and time-to-value opportunities of analytics in the cloud, big data and cloud technologies must be integrated and managed properly. Pythian's Director of Big Data and Data Science, Danil Zburivsky will explore: The main technology components and best practices being deployed to take advantage of data and analytics in the cloud, Architecture, integration, governance and security scenarios and Key challenges and success factors of moving data and analytics to the cloud
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations.