Cloud Security: Business Continuity and Disaster Recovery Planning

Myths about the Cloud and BC/DR Plans

When it comes to Business Continuity and Disaster Recovery Plans for cloud environments, we often hear this feedback:

  • “I’m in the cloud so I don’t have to worry about Business Continuity and Disaster Recovery Plans because my cloud provider does those for me.”
  • “We don’t need to test our Business Continuity and Disaster Recovery Plans, we’ve thought it all through.”
  • “Our cloud service provider is taking care of all our availability concerns, we don’t need Business Continuity and Disaster Recovery Plans.”
  • “Everything is in the cloud, so we aren’t at risk.”

This way of thinking couldn’t be further from the truth, though. The lift-and-shift methodology is hurting businesses that believe cloud service providers take care of their business continuity and disaster recovery needs. Business Continuity and Disaster Recovery Plans are not a technology roadmap; they describe how to recover business operations, which includes people and processes. How could cloud service providers cover your people and processes? Getting into the lift-and-shift mindset cultivates complacency, which is a dangerous spot to be in.

In this webinar, Michael Burke gives listeners food for thought on what Business Continuity and Disaster Recovery Plans are, why you should test them, best practices, and how the cloud impacts them.

Want to learn more about cloud security and the assessment options that are available? Contact us today.

More Business Continuity and Disaster Recovery Resources

Business Continuity and Disaster Recovery Planning Checklist

3 Steps for an Effective Disaster Recovery Plan

How Cloud Computing is Changing Small Business

Cloud Security: The Good, The Bad, and The Ugly

Cloud Security Best Practices

Cloud environments bring advantages to businesses of all sizes (reduced cost, flexibility, low risk, efficiency), so why do you need to go the extra mile and implement cloud security best practices? Security vulnerabilities exist, even in the cloud. The traditional security problems of an internal network still show up in cloud environments, like a vicious cycle.

In this webinar, we discuss three areas where traditional security problems must be reassessed for cloud environments: credential reuse and management interface, secure configurations, and system logging and monitoring.

1. Credential Reuse and Securing the Management Interface

In a traditional internal network, you may encounter issues like the same local administrator account being used on all deployed workstations, domain administrator permissions being granted to daily use accounts, and service accounts with static passwords having administrative permissions. You could encounter these same traditional security problems in cloud environments; they’ll just look slightly different. For example, the same SSH key may be used for all IaaS server instances without securing the private key properly, administrator permissions may be granted to daily use accounts, and account keys may be used for scripted automation tasks.
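One way to check an inventory for the three cloud-side patterns described above, as an added example that is not part of the original page or webinar. The inventory schema, field names and sample records are constructed assumptions, not any cloud provider's export format.

```python
from collections import defaultdict

# Constructed inventory; the field names are assumptions for this example,
# not any cloud provider's export format.
INSTANCES = [
    {"id": "web-1", "ssh_key_fp": "SHA256:EXAMPLE-A"},
    {"id": "web-2", "ssh_key_fp": "SHA256:EXAMPLE-A"},
    {"id": "db-1", "ssh_key_fp": "SHA256:EXAMPLE-A"},
    {"id": "bastion", "ssh_key_fp": "SHA256:EXAMPLE-B"},
]
ACCOUNTS = [
    {"name": "alice", "roles": {"admin"}, "daily_use": True},
    {"name": "alice-admin", "roles": {"admin"}, "daily_use": False},
    {"name": "bob", "roles": {"read-only"}, "daily_use": True},
]
KEYS = [
    {"id": "key-1", "scope": "account", "used_by": "nightly-backup.sh"},
    {"id": "key-2", "scope": "role", "used_by": "deploy-pipeline"},
    {"id": "key-3", "scope": "account", "used_by": None},
]

def shared_ssh_keys(instances):
    """Map each SSH key fingerprint installed on 2+ instances to those instances."""
    by_fp = defaultdict(list)
    for inst in instances:
        by_fp[inst["ssh_key_fp"]].append(inst["id"])
    return {fp: sorted(ids) for fp, ids in by_fp.items() if len(ids) > 1}

def admin_daily_accounts(accounts):
    """Names of accounts that hold administrator permissions and are used day to day."""
    return sorted(a["name"] for a in accounts if "admin" in a["roles"] and a["daily_use"])

def account_keys_in_scripts(keys):
    """IDs of account-level keys that a script or scheduled job depends on."""
    return sorted(k["id"] for k in keys if k["scope"] == "account" and k["used_by"])

def audit(instances, accounts, keys):
    """Collect all three findings in one report dictionary."""
    return {
        "shared_ssh_keys": shared_ssh_keys(instances),
        "admin_daily_accounts": admin_daily_accounts(accounts),
        "account_keys_in_scripts": account_keys_in_scripts(keys),
    }

if __name__ == "__main__":
    for finding, detail in audit(INSTANCES, ACCOUNTS, KEYS).items():
        print(f"{finding}: {detail}")
```
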

2. Managing Secure Configurations

Secure configurations are vital to a traditional internal network and to cloud environments alike. Patching and hardening systems can be a disruptive process that requires a significant amount of resources, making it one of the most common traditional security problems. This approach does not need to be carried over into cloud environments. To gain the advantages that cloud environments can provide, applications need to be totally transformed to bring additional business value.

3. System Logging and Monitoring

Analysis and retention of log data can easily overburden limited IT resources. In the PCI DSS framework, for example, you must retain all logs for a year. When reassessed for cloud environments, system logging and monitoring can become less expensive and less burdensome. Object-based storage for retention is less expensive than large amounts of physical storage, and security-as-a-service providers can automate the log analysis process.

Listen to the full webinar to learn about best practices for cloud security. For more information on cloud security assessments, contact us today.

More Cloud Resources

European Union Agency for Network and Information Security (ENISA)

The NIST Definition of Cloud Computing

Cloud Security Alliance’s Treacherous Twelve