Last week, we examined some potential security threats within a cloud environment, including shared technology, data loss and unknown risk profiles. But these threats do not have to become realities for your firm’s environment. By doing your due diligence and selecting the right service provider, you can minimize the risk of a security threat in the cloud.
Proper security in a cloud environment requires specialized practices and processes at both the physical and virtualization level. Following are some key features to look for when evaluating a cloud services provider:
Physical Security at Data Centers
- 24x7x365 manned lobby with visual verification of identity
- Two-phase authentication of visitors (card and biometric)
- Secured access doors and elevator banks
- Monitored security cameras
- Additional door, motion and camera sensors
- Visitor logs for cages
- Key-locked cages and cabinets
In what is sometimes known as a multi-tenant environment, cloud subscribers share the same underlying infrastructure, databases or applications. In public cloud environments, multi-tenancy can pose a security risk if proper isolation measures are not put into place to securely separate data and resources. If you’re looking for more security through a private cloud, be sure to look for these requirements:
- Availability: Redundancy should be built into every layer of the technology infrastructure to minimize the risk of unplanned downtime.
- Secure Separation: Ensure that your cloud provider will use secure separation to isolate your silo and resources from other cloud customers.
- Service Assurance: Computing, networking and storage resources should be readily available to you as needed to deliver top performance and accommodate fluctuations in user demands.
- Management and monitoring: Work closely with your cloud services provider to ensure they will have comprehensive control and extensive visibility over your cloud infrastructure at all times. You need to ensure it is highly secure, your environment is separated and you receive the highest level of service.
Additionally, plan to vet your service provider around the policies and procedures they have in place for access control to your cloud environment, as well as specifics around other technology areas such as encryption and resiliency.
For more information on cloud computing for hedge funds and investment firms, visit our Knowledge Center today.
Photo Credit: Silicon Angle
- New Considerations for Launching a Hedge Fund: Insights from the experts
- Corporate Essentials for Successful Hedge Fund Startups
- Recapping a Busy Week in Cyber Security Across the Globe
- What Do Hedge Fund Investors Ask About IT? A Technology DDQ cheat sheet
- Webinar Recap: What Investment Firms Need to Know about Social Media Compliance
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics