Cloud Computing, Security, and You

Thursday, June 16, 2011

Global Knowledge


Article by Michael Gregg

There are many benefits of cloud computing. Cost and ease of use are at the top of the list.

Yet cloud computing also brings significant security concerns when you consider moving critical applications and sensitive data to public and shared cloud environments.

To address these concerns, the cloud provider must develop sufficient controls to provide the same or greater level of security that the organization would have without the cloud.

Here are five things to keep in mind when considering cloud based services:

  • Where’s the data? Different countries have different access requirements and controls. Since you access your data in the cloud, you may not realize that the data must also reside in a physical location.
  • Who has access? Access control is a key issue since insider attacks are a huge risk. Insider attacks are a major concern because a potential hacker is someone who has been entrusted with approved access to the cloud.
  • What are your regulatory requirements? Organizations operating in the US, Canada, or the European Union have many regulatory requirements they must abide by (e.g., ISO 27002, Safe Harbor, ITIL, and COBIT).
  • Do you have the right to audit? This particular item is no small matter in that the cloud provider should agree in writing to the terms of audit.
  • What type of training does the provider offer their employees? This is actually a rather important item because people will always be the weakest link in security.

Next week I’ll discuss 5 more cloud based issues to consider.

Cross-posted from Global Knowledge

Possibly Related Articles:
Cloud Security
Service Provider
Compliance Cloud Security Storage Cloud Computing Security Audits Managed Services
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.