Quest CEO Blog | Compliance

 

Quest CEO Blog

Thoughts on Technology, Business and the Management of Both.

 

What Cloud Computing can deliver — Part 2, on better security and compliance

by Tim Burke
Thursday, May 17, 2012

The centralization of apps, data, and management that’s an essential part of well-conceived and well-managed Cloud environments also helps make them more secure. Why? Because security policy is easier to enforce, and threats to apps and data are easier to detect and address.

 

Since Cloud data and apps are centralized in a data center, it’s actually easier (as compared to traditional siloed IT infrastructures) to establish effective security policy, monitor compliance, and intervene quickly and often preventatively when there are issues.

 


What Cloud Computing can deliver — Part 1

by Tim Burke
Tuesday, May 15, 2012

In the right Cloud environment, IT performance goes up while IT costs go down. 

 

Here’s how IT performance goes up:

  1. Applications are hosted on centralized virtual servers in a data center, so …
    • Each department or end-user no longer needs their own copy of the app,
    • There’s just one version of the app, designed to be sufficiently flexible and customizable so all can use it on a variety of devices, and
    • Services are easily scalable, more secure, and more reliable.
  2. Applications can be quickly and automatically provided on demand wherever they’re needed, so …
    • IT resources are optimized,
    • The entire IT environment is more responsive and flexible without adding work or cost, and
    • Access to resources improves without new implementation/deployment risks.
  3. And end-users and their departments — as well as trusted partners — can be networked far more cost-effectively, regardless of location, via a standardized platform that enables integration and process automation between internal departments and partners. 

 


What DLP can do: Policing your sensitive data

by Tim Burke
Monday, April 23, 2012

The data discovery and identification aspect of data loss prevention (DLP) capability is just the beginning. Once you know what data you have and where it lives, you’re finally in a position to accomplish two crucial things:

 

 

  1. Manage and enforce security policies. DLP makes it possible to manage and apply security policies across the enterprise, reducing burdens on IT staff while boosting compliance. For instance, solid DLP solutions automatically encrypt sensitive data to regulatory and compliance standards, and those focused on data in motion come with on-board email encryption that integrates with leading encryption services.

    This ability to manage not just security policy but also security enforcement is especially important, given the proliferation of employee communication venues (e.g., email, IM, the Web, social media), work locations, and devices, some of which are employee-owned and inevitably used for personal activities.
  2. Monitor and regulate how sensitive data gets used, moved, and stored. With DLP, you’ll not only gain visibility into policy violations, you’ll be able to automatically enforce policies and compliance (and get employees to behave when it comes to data use). 

    DLP enables you to secure data proactively via automatic quarantine, relocation, and support for policy-based encryption. You can enable active blocking at the network as well as at the endpoint to prevent data from inappropriately leaving the organization. And you’ll know who attempted what and when.

 

 


Data backup/recovery best practices #3, #4, and #5

by Tim Burke
Tuesday, December 06, 2011

Last time, I described the first two backup/recovery best practices. Here are the next three:

 

#3 Make sure your backup/recovery strategy adheres to all governance and compliance rules that apply to your organization.

Rules abound about data privacy, security, retention — and vary by industry and region.

Look for a reputable advisor who has the experience needed to understand your compliance environment and who successfully completes SAS 70 Type II audits.

 


Why a SAS 70 Type II audit matters

by Tim Burke
Thursday, October 27, 2011

Since the arrival in 2002 of the Sarbanes-Oxley Act (SOX) as well as other more stringent financial accountability standards, the role of the SAS 70 Type II audit and certification has grown. My company takes SAS 70 Type II audits very seriously.

 

That's because both SOX and SAS 70 Type II use the same model of controls — so a SAS 70 Type II certification is the best way third parties (like our customers) can be assured of acceptable, SOX-compliant service organization controls.

 
