How to Secure Your Cloud

Joe McKendrick
Insurance Experts' Forum, March 4, 2014

There's been a great deal of debate, as well as erroneous assumptions, being cast about regarding cloud computing, particularly the use of public cloud services. However, a strong, well-thought-out architectural approach can make cloud computing just as safe as a locked-down on-premises system.

That's the word from Mike Kavis, a seasoned chief technology officer and IT architect. In his new book, Architecting the Cloud: Design Decisions for Cloud Computing Service Models, Kavis shows what steps companies should take to keep their data and applications safe in cloud settings.

Kavis provides three key security strategies to ensure the highest level of protection in the cloud, as well as three distinct actions.

The three key cloud security strategies consist of the following:

  1. Centralize: Consolidate “security controls, processes, policies and services, and reduce the number of places where security needs to be managed and implemented.”
  2. Standardize: Develop standardized security services and mechanisms “that can be shared across the enterprise, not a solution for a specific application.” Kavis recommends subscribing to industry best practices, l as encryption, authorization and API tokenization.
  3. Automate: Bake security into all processes without the need to human intervention.

If these bits of advice all look familiar, they should. They are best practices that have been established for security in the days of on-premises systems. Cloud doesn't make security any easier, not does it shift the onus to some outside provider. As was the case 10 years ago, security needs to be front and center in the enterprise.

As Kavis puts it, cloud consumers need to “apply security best practices to applications and services, monitor and detect security issues, and practice security prevention by addressing issues found by monitoring logs.” All basic stuff — the kind of things enterprises should have been doing 10 years ago. The methodologies, tools and standards are already available.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

A Cure for Analysis Paralysis

“Adaptive” analytics can help insurers keep up with the flood of real-time data.

To Quantify or Not — That is the Question with Modernization (Part II)

While the quantitative business case may be ingrained in many insurance operations, it often offers little practical use.

The Good, The Bad and The Ugly Of Enterprise BI

When IT can't deliver, business users build their own applications focusing on agility, flexibility and reaction times.

The IT-Savvy 10%

IBM survey reveals best practices of IT leaders.

The Software-Defined Health Insurer: Radical But Realistic?

Can a tech startup digitally assemble the pieces of a comprehensive, employer-provided health plan?

Data Governance in Insurance Carriers

As the insurance industry moves into a more data-centric world, data governance becomes more critical for ensuring the data is consistent, reliable and usable for analysis.