Cloud Chivalry – Provider Pride
As cloud deployments gain popularity, increasing attention is paid to provider security strength. The cloud security alliance, for example, releases a yearly list of top threats, covering everything from malicious use, data loss, and service hijacking. Heightened public awareness of the cloud has led to oddly intuitive feelings of insecurity – if data resides off-site, it must surely be less secure.
Though it’s hard to imagine cloud providers with shield raised against whatever virtual attack might breach a client’s peace, there’s an increasing need for solid cloud security – cloud chivalry, even – which defends otherwise helpless company data from attack. Public and private providers have responded; in many cases, cloud deployments are now more secure than local servers.
Here are three simple ways spot knight-like providers.
All cloud deployments require trust. Companies entrust their provider with critical data and expect a measure of care in return. Because cloud computing is still a maturing technology, standard wording does not exist for security in most service-level agreements, meaning company IT professionals need to evaluate providers on a case-by-case basis.
The first sign of a trustworthy provider is their willingness to talk about security concerns. Not only should responsibilities be spelled out in an agreement – with clear expectations for both provider and customer – but there should be evidence of careful thought in security design. Cloud computing offers fertile ground for startup providers and tempting fruit for tech giants; secure providers are those who commit fully to the cloud, rather than attempt to tack on services bit by bit. Look for the total package.
Once you’ve identified a tentative provider, consider specifics. While the physical security of an off-site storage location is important, including 24/7 monitoring and controls to prevent data loss or damage – it’s important that storage architecture goes beyond the basics. This means taking measures to isolate workloads in shared tenancy, in turn preventing accidental cross-contamination on a physical server. Providers should be aware of not only potential threats from beyond a storage facility but understand the interconnected nature of their compute offering: what affects a single customer affects many.
It’s also important to consider access. While cloud chivalry includes a certain amount of trust extended to third-party providers, these providers need clear-cut access polices. Company IT pros should always have access to their data, and provider admins should only need data access for specific circumstances. No access should ever go unrecorded, and companies should always be kept in the data-use loop.
Cloud security is simpler than much media hype makes it seem. Providers are crucial in the defense of data, and it’s getting easier to separate knaves from knights.
By Doug Bonderud,
Doug Bonderud is a freelance writer, cloud proponent, business technology analyst and a contributor on the Dataprise Cloud Services website.