How to Secure Your Cloud

Joe McKendrick
Insurance Experts' Forum, March 4, 2014

There's been a great deal of debate, as well as erroneous assumptions, being cast about regarding cloud computing, particularly the use of public cloud services. However, a strong, well-thought-out architectural approach can make cloud computing just as safe as a locked-down on-premises system.

That's the word from Mike Kavis, a seasoned chief technology officer and IT architect. In his new book, Architecting the Cloud: Design Decisions for Cloud Computing Service Models, Kavis shows what steps companies should take to keep their data and applications safe in cloud settings.

Kavis provides three key security strategies to ensure the highest level of protection in the cloud, as well as three distinct actions.

The three key cloud security strategies consist of the following:

  1. Centralize: Consolidate “security controls, processes, policies and services, and reduce the number of places where security needs to be managed and implemented.”
  2. Standardize: Develop standardized security services and mechanisms “that can be shared across the enterprise, not a solution for a specific application.” Kavis recommends subscribing to industry best practices, l as encryption, authorization and API tokenization.
  3. Automate: Bake security into all processes without the need to human intervention.

If these bits of advice all look familiar, they should. They are best practices that have been established for security in the days of on-premises systems. Cloud doesn't make security any easier, not does it shift the onus to some outside provider. As was the case 10 years ago, security needs to be front and center in the enterprise.

As Kavis puts it, cloud consumers need to “apply security best practices to applications and services, monitor and detect security issues, and practice security prevention by addressing issues found by monitoring logs.” All basic stuff — the kind of things enterprises should have been doing 10 years ago. The methodologies, tools and standards are already available.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Boosting Performance with Integrated Underwriting Tools

A unified, comprehensive platform can help underwriters perform their jobs more efficiently — and profitably.

Apple's Way: Succeeding in the Enterprise Without Even Trying - Part 3

Today's data centers are doing far more with much smaller footprints.

Apply Mindfulness to Leadership

Managers can benefit from applying this theory both to their career aspirations as well as to interactions and expectations of staff.

Opinion: Halbig Decision Creates New Level of Uncertainty for Obamacare

Time will tell if the Halbig decision remains viable. But in the meantime, a new level of uncertainty has been injected into the process.

CIOs: "We Don't Have Enough People to Run Our Mainframes"

Insurers will be competing with other industries for both legacy and “new IT" talent.

4 Ways to Keep Insurance Data Quality Healthy

Continually building trust and credibility in the data is the key to a successful data warehouse.