BizCloud Computing Consultants Offer 7 Tips for Securing Data in the Cloud
November 1, 2011
The cloud technology experts at BizCloud® compiled a list of tips to help organizations properly address their underlying security concerns and issues that are holding many of them back from migrating their IT infrastructures to the cloud. While cloud computing offers tremendous benefits, from Capex reduction to improved business agility, companies are still cautious about moving their data to the cloud environment, often viewing it as a complete loss of control over security and data…
When an organization is considering adopting cloud computing technology, it is vital to demand transparency from a cloud solution provider and receive detailed instructions on the security measures that they have established.
The following are 7 key security tips and items to consider for protecting data in the cloud:
The cloud provider’s security processes. Organizations need to choose a cloud vendor that employs the same or higher-level security measures that they do internally. If an organization employs measures such as monitoring, penetration testing, intrusion prevention and detection systems, a cloud provider should mirror that level of control. It is important to ensure that the cloud provider lists the guaranteed security controls in a SLA agreement.
Location of Data. Larger cloud providers have data centers offshore in countries with different privacy and security laws, meaning that control over user data may be exposed to a third party. The physical location of certain types of information is regulated by federal or international laws. For these reasons, organizations should ask the solution provider about the location of their data centers and also about the security measures they take in case of a security breach.
Right to Audit. A right to audit should be included in the contract with a cloud provider, so that an organization is granted the right to audit the cloud environment at any time. Having this level of insight into a cloud solution’s security is vitally important for compliance.
Authorized Access. Organizations should ensure that proper controls are in place so that authorized users have access to the data at all times and, simultaneously, that all unauthorized access is blocked. Privileged-user monitoring is also required, as cloud service admins are granted access to data.
Legal Responsibilities. Organizations should make sure that the cloud provider’s solution meets their regulatory requirements. The provider has the responsibility to assist the cloud customer in being compliant with governmental data security and privacy standards.
Data Encryption. Cloud customers need to make sure that a vendor uses encryption for securing data at rest and in transit, as encryption is critical to compliance and safeguarding data privacy. The cloud service provider should encrypt data on storage devices at all times in order to prevent data breaches. Companies have to make sure that their data is protected when transmitted over the Internet by always being encrypted and authenticated by the cloud provider.
Physical Infrastructure. To make sure that the physical access to their data is secured, organizations need to receive instructions from the cloud service provider on the measures that they have established to manage physical access to the infrastructure supporting their data.