Cloud computing network security best practices

In this expert response, Peter Wood reveals the security mechanisms that are needed from a cloud computing provider.

What cloud computing network security mechanisms do I need in place to make a success of an outside provider's offerings?
There is a distinct lack of security visibility in cloud providers: "You can't know where your data is, you can't prove that it's being protected and you can't know who's accessing it," according to Robert Richardson, director of the Computer Security Institute.

Cloud computing places the burden of security on the provider, but doesn't relieve you of the responsibility for protecting personal and sensitive data. Therefore it becomes essential to conduct a thorough review of the provider's security to ensure good governance. This means inspecting their information security policy and procedures against proven standards, such as ISO 27001.

You must also ask for proof of their staff vetting and management processes, as well as their technical infrastructure. They must be able to assure you of their data security controls, such as encryption of data, both in transit and at rest. The provider should be able to demonstrate that it conducts regular, independent audits and penetration tests, and be willing to share the results with you. Your contract should also give you the right to conduct audits and tests of your own.

This was last published in July 2009


