Q

Cloud computing network security best practices

In this expert response, Peter Wood reveals the security mechanisms that are needed from a cloud computing provider.

What cloud computing network security mechanisms do I need in place to make a success of an outside provider's offerings?

There is a distinct lack of security visibility in cloud providers: "You can't know where your data is, you can't prove that it's being protected and you can't know who's accessing it." according to Robert Richardson, director of the Computer Security Institute.

Cloud computing places the burden of security on the provider, but doesn't relieve you of the responsibility for protecting personal and sensitive data. Therefore it becomes essential to conduct a thorough review of the provider's security to ensure good governance. This means inspecting their information security policy and procedures against proven standards, such as ISO 27001.

You must also ask for proof of their staff vetting and management processes, as well as their technical infrastructure. They must be able to assure you of their data security controls, such as encryption of data, both in transit and at rest. The provider should be able to demonstrate that it conducts regular, independent audits and penetration tests, and be willing to share the results with you. Your contract should also give you the right to conduct audits and tests of your own.

This was last published in July 2009

Read more on Cloud security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close