Adoption of cloud services is accelerating as companies take advantage of the more flexible and scalable IT provisioning model created by the cloud.
But how should an organisation check that a cloud service provider is capable of looking after its data? The provider may have been audited for SAS 70, ISO 27001, PCI DSS and a range of other standards, but how valid are those standards for the world of the cloud?
For his MSc thesis at Royal Holloway University of London (RHUL), Robert Farrugia, under the supervision of lecturer Geraint Price, analysed each of the main auditing standards and examined their applicability to cloud computing.
While many of the standards were found to provide some useful reassurance, none of them proved to be adequate in their own right, leaving the authors to conclude that a new cloud certification model will be needed in the future.
Read the article
Download the article by Robert Farrugia on cloud security certifications (.pdf).
Read the full thesis (.pdf).
In an article now published on SearchSecurity.co.UK, the authors provide a detailed mapping of the current cloud security certification standards applicable to the cloud, and illustrate where each standard is lacking. In the absence of a reliable standard, the authors suggest ways organisations might minimise risk when moving their data and processes from a traditional in-house IT infrastructure stack to that of the cloud.
The feature is one of six SearchSecurity.co.UK is publishing this year in collaboration with RHUL.
This was first published in June 2012