How to Make Public and Private Clouds Secure

As the market for cloud-related services continues to grow, with predictions of a $150 billion business by 2013, a looming question remains: Is the cloud secure? While IT experts will admit that no environment will ever be completely secure, there are a growing number of measures businesses can take to mitigate cloud security risks.

So what controls can you put in place to restrict data loss? In a recent Cloud Computing Journal article by Lucas Roh, several security measures are recommended, including:

  • Instituting a sophisticated identity management system is crucial for protection against password hacking. Implement a real password management system with true randomization. No more “1234” or “admin” passwords!
  • When choosing a SaaS solution provider, ask not only about their identity management practices, but also about their hiring and background check procedures for administrators and about how access to data is controlled.
  • Effectively manage your SaaS providers. Do they follow your preferred procedures for identity management security? The centralization of these practices can provide an added measure of security.
  • Know the legal ramifications and jurisdiction that cover data standards. While your data containing Personally Identifiable Information might be considered secure in one country, it may fall under different regulations in another. For instance, European governments have very strict privacy protection rules compared to other countries. When choosing a cloud solution provider, make sure your data can be quickly relocated in case your service agreement ends. Knowing the physical location of your data is important for such recovery efforts.
  • Ensure that your cloud provider follows strict security controls that are routinely checked by independent auditors.

 

The bottom line here is to ask potential solution providers a lot of questions and dig beneath their standard marketing literature. The Cloud Computing Journal recommends asking these questions: “What about business continuity? Is there a documented process for this? If one of their data centers is destroyed, what does that mean for your business? Do they only have one location? If so, you need to explore their backup and disaster recovery procedures, as well as the security risks of those procedures. Another important consideration is the company’s actions after a security breach. Do you trust them to tell you security has been compromised so you can take steps to mitigate damage?”

For more information on “cloud” protection and how to look for a reliable provider, read the full article: http://cloudcomputing.sys-con.com/node/1750499