Cloud security guarantees?

* What kind of security guarantees are there in the cloud?

Cloud computing providers no doubt put forth a best effort to secure their infrastructure in order to protect their customers' data, but what kind of guarantees are there?

A widespread breach of customer data would cripple the reputation of a cloud provider and could set it up for legal action if the lost data had a financial impact on the customer or the customer’s customers.

If a merchant’s database of customer credit card numbers were stolen, for instance, that merchant’s reputation would suffer and potentially the cloud provider could become a target for legal action. So cloud computing providers have a vested interest in locking down their networks as much as possible.

They can front-end their equipment with firewalls, Web firewalls, virus gateways and other security products – the same kinds of measures businesses can take on their own if they run their own data centers.

Service providers could be hired to protect cloud resources in accordance to industry or regulatory standards that are spelled out. They could be held responsible for carrying out those specific standards if it is made part of service contracts.

It seems unlikely that cloud providers are ever going to offer service-level agreements against data loss or successful exploits because the task is just too impossible and the potential liabilities would be too enormous to take on.

The best that users can count on is a sound security architecture – one that they check out and understand – and some sort of guarantee from the provider that whenever there is a problem that it is dealt with within a specified and brief time period to minimize whatever damage the breach may cause.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.