There are many benefits of cloud computing. Cost and ease of use are at the top of the list. Yet cloud computing also brings significant security concerns when you consider moving critical applications and sensitive data to public and shared cloud environments. To address these concerns, the cloud provider must develop sufficient controls to provide the same or a greater level of security than the organization would have without the cloud. Here are five things to keep in mind when considering cloud-based services:
- Where’s the data? Different countries have different access requirements and controls. Since you access your data in the cloud, you may not realize that the data must also reside in a physical location.
- Who has access? Access control is a key issue because insider attacks are a huge risk: the potential attacker is someone who has already been entrusted with approved access to the cloud.
- What are your regulatory requirements? Organizations operating in the US, Canada, or the European Union have many regulatory requirements they must abide by (e.g., ISO 27002, Safe Harbor, ITIL, and COBIT).
- Do you have the right to audit? This is no small matter: the cloud provider should agree in writing to the terms of the audit.
- What type of training does the provider offer their employees? This is actually a rather important item because people will always be the weakest link in security.
Next week I’ll discuss five more cloud-based issues to consider.