Welcome!

Agile Computing Authors: Elizabeth White, Yeshim Deniz, Pat Romanski, ManageEngine IT Matters, Liz McMillan

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Best Practices to Ensure Security in the Private Cloud

A private cloud environment significantly reduce risks by providing secure, multi-layer segmentation of client access and data

As regulatory oversight across the financial landscape continues to drive greater transparency and stricter penalties, outsourcing to the private cloud has become an integral resource for hedge fund and private equity managers. Cloud infrastructure services are now synonymous with increased efficiency, decreased costs and added security. However, security in particular remains a key concern for many financial services firms. The costs a cloud services provider can incur in dealing with a security breach, both financially and to its reputation, can be devastating.

Infrastructure providers, particularly those catering to financial services firms such as hedge funds, must have strict policies in place and employ best practices to ensure that their clients receive the same level of security as they would achieve with an on-site network. While most participants in the financial services industry are familiar with the benefits that cloud computing offers in terms of efficiency, scalability and cost savings, two of the features that seem to be forgotten are increased security protection and risk mitigation.

The key differentiator between launching an in-house network as opposed to outsourcing to a hosted services provider is that service providers offer economies of scale that enable them to deploy institutional strength security services to ensure the client's environment is protected and secure. A large portion of spending by cloud providers goes directly into measures that ensure the highest levels of security and data protection. This will typically include services such as advanced intrusion detection, traffic monitoring, forensic analysis and incident history/investigation. These systems and processes can range into the hundreds of thousands and even millions of dollars in some cases. Therefore they are usually not deployed by a hedge fund or private equity firm's in-house IT staff.

One of the major advantages of a private cloud environment is that it can significantly reduce risks by providing secure, multi-layer segmentation of client access and data. When examining cloud providers, financial service firms should keep in mind a few key factors. The first factor is the location of your data. Clients will always have questions about where their data is being stored, who can gain access to it and how it is secured from being accessed. This may be the most important factor for cloud computing providers, but it is also something that is commonly overlooked when potential clients are reviewing data security. Most data breaches do not take place via cyber-attacks, but instead they will occur when hard disks or backup tapes are misplaced or stolen. A common best practice backup procedure for an on-site server is to rotate the tapes off-site.

Consideration must also be given to the concept of physical servers versus a shared environment. In a service provider's data center, multiple companies will share services on the same infrastructure, which in some cases may raise a red flag in the mind of a CFO or CTO. When resources in a data center are shared, security and segregation must be guaranteed at every layer, from the server to the network to the storage.

Network is the next factor that must be considered. Methods such as data encryption - where files may be encrypted prior to transmission - can prevent data from being used should it be compromised at any point during transmission. The hosted service provider is responsible for supplying the firm with a storage solution that provides secure data segmentation and enables rapid resource allocation. The hosted storage provider should provide high data availability and disaster recovery, particularly after what Wall Street firms experienced during Hurricane Sandy in October 2012. Service providers must also be able to offer data replication for off-site backup and archiving in the case of an emergency. Protecting the firm against all possible natural disasters and intrusions is now a major deciding factor for financial decision-makers.

Another factor that is now emerging as a standard business practice due to the amount of executives that are constantly on the go is the management of mobile devices. In today's fast-paced business environment, mobile devices essentially serve as an extension of a firm's offices, so they should be incorporated into all security measures. A service provider should take the necessary steps to actively manage these resources, including implementing and managing a password policy and being able to remotely wipe the device's memory of all information if it is lost /stolen.

The bottom line is that companies considering a move to the private cloud need assurance that service providers offer security standards and best practices that are better than what they can received from on-site or internal technology services. By taking into consideration the various components discussed throughout this piece, firms can ensure up front that a service provider has taken the necessary steps to provide a robust and secure platform environment for their business technology.

More Stories By Viktor Tadijanovic, CTO, Abacus Group LLC

Viktor Tadijanovic is a Founding Member & CTO of the Abacus Group. He is the principal architect for Abacus's Hosted IT Platform. Previously, he was a Senior Systems Architect at the Gerson Lehrman Group (GLG). Prior to GLG, he was a Technical Director at Eze Castle Integration where he was responsible for managing technology delivery to all hedge fund clients in New York City and Connecticut. Viktor possesses accreditations from NetApp, Cisco, VMware, Citrix and Microsoft. He received a degree in Network Engineering and Data Communications from the Chubb Institute in New York.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effic...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and ...
SYS-CON Events announced today that CHEETAH Training & Innovation will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CHEETAH Training & Innovation is a cloud consulting and IT training firm specializing in improving clients cloud strategies and infrastructures for medium to large companies.
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and thei...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...