How to Secure Your Cloud

Joe McKendrick
Insurance Experts' Forum, March 4, 2014

There has been a great deal of debate, along with some erroneous assumptions, about cloud computing, particularly the use of public cloud services. However, a strong, well-thought-out architectural approach can make cloud computing just as safe as a locked-down on-premises system.

That's the word from Mike Kavis, a seasoned chief technology officer and IT architect. In his new book, Architecting the Cloud: Design Decisions for Cloud Computing Service Models, Kavis shows what steps companies should take to keep their data and applications safe in cloud settings.

Kavis provides three key security strategies to ensure the highest level of protection in the cloud, as well as three distinct actions.

The three key cloud security strategies consist of the following:

  1. Centralize: Consolidate “security controls, processes, policies and services, and reduce the number of places where security needs to be managed and implemented.”
  2. Standardize: Develop standardized security services and mechanisms “that can be shared across the enterprise, not a solution for a specific application.” Kavis recommends subscribing to industry best practices, such as encryption, authorization and API tokenization.
  3. Automate: Bake security into all processes without the need for human intervention.

If these bits of advice all look familiar, they should. They are best practices that were established for security in the days of on-premises systems. Cloud doesn't make security any easier, nor does it shift the onus to some outside provider. As was the case 10 years ago, security needs to be front and center in the enterprise.

As Kavis puts it, cloud consumers need to “apply security best practices to applications and services, monitor and detect security issues, and practice security prevention by addressing issues found by monitoring logs.” All basic stuff — the kind of things enterprises should have been doing 10 years ago. The methodologies, tools and standards are already available.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
