{"id":2576,"date":"2016-04-14T00:00:00","date_gmt":"2016-04-14T00:00:00","guid":{"rendered":"https:\/\/dev.abes.com.br\/?p=2576"},"modified":"2016-04-14T00:00:00","modified_gmt":"2016-04-14T00:00:00","slug":"seguranca-na-nuvem-por-onde-comecar","status":"publish","type":"post","link":"https:\/\/dev.abes.com.br\/en\/seguranca-na-nuvem-por-onde-comecar\/","title":{"rendered":"Cloud Security - Where to start?"},"content":{"rendered":"<div style=\"text-align: center;\">\n\t<br \/>\n\t<em><img decoding=\"async\" alt=\"\" src=\"\/wp-content\/uploads\/anterior\/Imagens\/kleber.jpg\" style=\"width: 300px; height: 226px;\" \/><br \/>\n\tKleber Melo, President of the (ISC) \u00b2 Advisory Council for Latin America<\/em><\/div>\n<div style=\"text-align: justify;\">\n\t&nbsp;<br \/>\n\tThe use of tools in the Cloud and Hybrid Cloud has reduced companies&#039; costs in an unprecedented way, and stimulated their growth worldwide. Several surveys reveal that the Cloud is here to stay, which makes it important to analyze the most efficient measures to control and mitigate risks, such as invasion threats, attacks, leakage of sensitive information and unavailability of services.<br \/>\n\t&nbsp;<br \/>\n\tCloud security is a major concern for IT managers around the world. Estimates indicate that more than 70% of them do not trust traditional data protection techniques. In addition, the Cloud Security Alliance (CSA) reveals that only 16% of organizations have fully implemented policies and controls for using the Cloud. The same CSA states that 80% of companies with more than five thousand employees are unable to inform how many Cloud applications are used by their professionals.<br \/>\n\t&nbsp;<br \/>\n\tThe Cloud model adopted also interferes with the control of infrastructure, applications and databases. According to the Crowd Research Partners Threat Report, 62% of people find it more difficult to detect and protect internal threats than external attacks. The situation is even more complex, since the main failures are the responsibility of the users themselves, with only 38% of the organizations having a security policy with rules and responsibilities defined for data protection.<br \/>\n\t&nbsp;<br \/>\n\tRisk situations are still very recurrent, since many companies believe that the security of cloud data is the provider&#039;s responsibility, or consider that access control measures limited to users and passwords and data transmission encryption protect stored data or processed on servers in the Cloud.<br \/>\n\t&nbsp;<br \/>\n\tAlmost always due to lack of investments or due to the lack of trained professionals, safety is relegated to a lower priority, and those responsible believe that the sporadic analysis of logs or occurrences reported by users is sufficient for measures to contain losses or incidents.<br \/>\n\t&nbsp;<br \/>\n\tAn effective implementation of policies for protection and access controls considers the following actions: mapping of the services used by users independently; criterion in offering privileged access; implementation of authenticated session control with expiration for time and inactivity; identity management integrated with Human Resources and third party processes; identification of the type of access, location, time and profiles to avoid harmful behavior and possible loopholes in the controls; protection of stored and transmitted data by means of encryption to prevent the exposure of data not only in transmission but also in its storage.<br \/>\n\t&nbsp;<br \/>\n\tAccording to the Crowd Research Partners&#039; Threat Report, 47% of companies are unable to detect internal attacks or fail to measure detection time, with 43% claiming that incident response times are up to one week.<br \/>\n\t&nbsp;<br \/>\n\tAs it is impossible to protect against unidentified threats, active security monitoring through Data Loss Prevention (DLP - Data Loss Prevention), Security Information and Event Management (SIEM - Information Security and Event Management) solutions and Secure Enterprise Content Management (SECM - Content Management of Secure Companies), among others, must be implemented for success in the detection and protection of information. Even better if the solution is integrated, with infrastructure monitoring, data movements and applications, considering the context and the usual behavior of all users involved.<br \/>\n\t&nbsp;<br \/>\n\tThe considerations in this text are not intended to exhaust the topic of security in the Cloud. There are many other important points to consider, from the infrastructure to the application development criteria for Cloud, which have different characteristics from the traditional IT model.<br \/>\n\t&nbsp;<br \/>\n\tFor this reason, (ISC) \u00b2 together with the CSA (Cloud Security Alliance) developed the CCSP - Certified Cloud Security Professional certification, which brings invaluable value to professionals who want and need to deepen this knowledge. The CCSP certification is a clear indication of the potential of this market and I am sure that those who seek it will be ahead, standing out in an increasingly competitive job market.<\/div>\n<p>&nbsp;<br \/>\n&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>Kleber Melo, President of the Advisory Board of (ISC)\u00b2 for Latin America The use of Cloud and Hybrid Cloud tools has reduced companies&#039; costs in an unprecedented way, and stimulated their growth around the world. Several researches reveal that the Cloud is here to stay, which makes it important to analyze [\u2026]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[8,19],"tags":[],"class_list":["post-2576","post","type-post","status-publish","format-standard","hentry","category-artigos","category-ultimas-noticias"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-06-14 04:34:37","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts\/2576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/comments?post=2576"}],"version-history":[{"count":0,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts\/2576\/revisions"}],"wp:attachment":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/media?parent=2576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/categories?post=2576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/tags?post=2576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}