It sounds simple enough: Secure computing environments remain secure because they limit the number of outside sources that are connected to it.
For this reason, when cloud computing was first being touted as the next big thing in the evolving technological landscape, a lack of security and application control were raised as primary concerns. However, this is no longer the case - as private clouds now allow for company data to be segmented within private environments and SSL encryption methodologies can create a secure connection between the user and the server.
Three Security Concerns to Consider Choosing a Cloud Provider
Even with these improved options, it is important to note that the security within the cloud is only as strong as the provider – and because not all providers deliver the same level of security, finding a cloud hosting provider who highlights the following security features at the forefront of their service offerings is critical:
1) Physical Security
According to Verizon’s 2012 DATA BREACH INVESTIGATIONS REPORT (DBIR), the lack of physical security at the actual data center is a factor in almost one-third of all breaches investigated.1 A way to stem this concern is to choose a service provider that is in total control of the data center from which your cloud is being housed: meaning they control everything, and no outside personnel have access to the facility. This allows for lockdown security, which should include 24x7 monitoring, continued video surveillance and onsite guarded access.
2) Segregation
When selecting a hybrid or public environment, take note that your data and applications may be stored and secured within a shared environment, meaning that the provider controls the location, access and provisioning of the data. This is different from traditional onsite storage solutions, where you control the location of the data and who can access it. In order to ensure your data remains protected, the hosting provider needs to offer data segregation and encryption at every stage of a multiple tenant environment.
3) Overall Security
This includes verifying the existence of up-to-date software upgrades, antivirus and security polices, secure log-in, encryption methodologies, enterprise grade intrusion prevention systems, and hardware based firewalls.
Download our “Security in the Cloud Whitepaper” for more information on what it really takes to ensure cloud security.
References:
1) http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
