Security in the Cloud

Over the last few years, audit controls, compliance regulations, and damage to reputations due to data breaches have continued to increase and show no signs of slowing down.

As a result, organizations have experienced difficulties with managing change and developing strategies that mitigate risks associated with accidental data disclosure, while enabling cost-effective IT operations. Additionally, analysis of attack trends over recent years indicates that sensitive data continues to be the focus of modern cybercrime, making that a top priority for where to focus enterprise IT security efforts. The challenge that organizations face is how best to protect their sensitive data while balancing ease of use, cost, and scale.

Another related trend in protecting sensitive data is the rapid adoption of cloud services within organizations, whether at the platform, infrastructure, or product level. Depending on the size, sophistication, and function of an organization’s traditional physical infrastructure, the path to a cloud-enabled or cloud-based operating environment may vary significantly from organization to organization. As assets, applications, and data flows move into, though, and around the cloud environment, new challenges emerge around ensuring the security of sensitive data. By taking a data-centric approach to security, organizations can experience the operational benefits of cloud infrastructure and maintain best-practice data security within a single construct and at significant cost savings.

The International Data Corporation (IDC) predicts that, by 2016, there will be an 11 percent shift of IT budget away from traditional in-house IT delivery toward various versions of cloud computing. By 2017, 35 percent of new applications will use cloud-enabled, continuous delivery, allowing faster DevOps life cycles to streamline rollout of new features and business innovation. By 2018, more than 60 percent of enterprises will have at least half of their infrastructure on cloud-based platforms.1 A data-centric approach to securing cloud infrastructure—defining technical solutions based on the format and life cycle of data—can save organizations capital expenditures and the costly man-hours required to track down existing infrastructure complexities, nuances, and out-of-date systems. The ability to leverage a low-cost platform to pool and aggregate security monitoring metadata facilitates the ability to perform advanced analytics within a cloud infrastructure environment.

This paper describes the current state and challenges faced by organizations that rely on traditional on-premise systems in today’s rapidly shifting and increasingly complex environment. In response to these challenges, we describe the motivation, technical approach, and business advantages associated with Booz Allen Hamilton’s experience with migrating traditional IT environments into Amazon Web Services, while not only maintaining compliance with common frameworks (e.g., PCI, HIPAA, FISMA), but also achieving best-in-class data protection.