There's also no obvious reason to assume that any service provider will be more able to provide good cloud security, and that means you will need to carry out due diligence, work out what the cloud security requirements are for your data, and check that a given cloud computing service provider can meet those requirements, according to Martin Blackhurst, a security specialist at UK-based consultancy Redstone Managed Solutions.
Although specific cloud security requirements are likely to vary from organization to organization, Blackhurst recommends, at the very least, asking cloud computing service providers under consideration the following questions. They can be broken down as relating to people, data, applications and infrastructure.
- Where will my data be stored?
- What controls do you have in place to ensure my sensitive business data is not leaving the virtual walls of your business?
- What are the borders of responsibility?
- How do you ensure my applications are not susceptible to emerging application security threats?
- How do you detect an application is being attacked in real-time, and how is that reported?
- How do you implement proactive controls over access to my applications -- and how can you prove to me that they are effective?
Read the rest at ServerWatch.