Because of the term “cloud computing” and the habit of referring to data and applications as being “in the cloud,” it can be easy to forget that “the cloud” is housed in a physical facility.
Businesses should carefully look into that facility when to avoid any cloud computing security issues.
Once a potential vendor has been selected, a company should request an in-person tour of their facilities. During this tour, the company should compare what they see against a checklist that includes such items as:
Physical structure. What is the facility like? What are the environmental controls? How are they managed?
Security procedures. Is there a security guard at the gate and at the door to permit authorized access only? Are there security cameras? Where are they mounted? How are they monitored?
Power supply. What is the power source? What would happen in the event of a power outage? Is there a redundant power supply?
Equipment considerations. What type of infrastructure is in place? What is its capacity? Is it automated? Is it monitored? Is it made up of best-in-class technology, or is it cobbled together?
Staffing concerns. Are the vendor’s employees subject to background investigations? Are they onsite, or do they monitor and manage the equipment remotely? Are security personnel trained in forensic security and law enforcement? Is the facility staffed 24/7?
Processes and certifications. Does the vendor audit its processes? Can it show compliance with both general regulations as well as the standards and compliance requirements specific to your industry?
Remember, your cloud is only as secure as the facility it is housed in.
The next post in the series will address security in the cloud with regard to the data residing in the cloud.
The other article in this series:
Related Business Solution: Cloud Services