- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Cloud Security|Cloud computing offers advantages over building and maintaining private data centers including flexibility, reduced maintenance and operations costs and the ability to employ lower powered, lower priced personal computers.
The most basic facts about your data – like where it is exactly and how it is replicated – become difficult to find out when you entrust it to a cloud, a new study says.
While that’s not surprising, the implications are large, according to the Forrester Research report “How Secure is Your Cloud?” by analyst Chenxi Wang.
Submitting data to a cloud provider means it is stored and manipulated in an environment shared with other customers, and while that doesn’t necessarily mean its security and privacy are in jeopardy it does mean customers have to use diligence, she says. If security is not properly addressed, potential business and legal liabilities begin to mount
One key precaution Wang recommends customers take is encryption of the data not only as it moves around in the cloud and out to customers but also as it sits in databases. Cloud providers may address this on their own as part of their best practices, but it is up to the customer to evaluate whether it is sufficient.
Wang lists a range of other concerns that customers should also make sure are addressed such as how auditors can evaluate security of data in the cloud, what authentication methods are used and how well data is partitioned from that of other customers.
Wang’s list of things to worry about is solid and it points up a struggle that cloud services providers and customers need to deal with. Customers need to perform due diligence in assessing cloud security, and providers need to make the information customers need readily available. This exchange of intelligence can be costly and time consuming for both parties.
A certification program in which third parties evaluate providers comes to mind as a more efficient use of time and effort. The third parties would evaluate the providers and customers would rely on that certification rather than launch lengthy and costly studies of their own. It’s not foolproof as data breaches at companies that had recently passed PCI certification demonstrate, but it may be the most workable solution for dealing with this complex problem.
The more costly option of performing their own evaluations would still be available for those who feel they need to do so.
Tim Greene is senior editor at Network World.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (1)
It's all about the contractBy tolzak on May 14, 2009, 12:26 pmSecurity of data in the cloud begins with contractual obligations related to required security controls. Make sure the vendor knows what you expect and agress to...
Reply | Read entire comment
View all comments