This series examines security in the cloud, showing how companies can mitigate cloud computing security issues and risks.
Data is at the heart and center of the cloud. When it comes to security in the cloud, three questions need to be answered with regard to data:
1. How is the data guaranteed?
A company should seek three discrete guarantees from the vendor:
- Guaranteed capacity. One of the greatest benefits of cloud computing is its elasticity — that capacity can be expanded and contracted on-demand. To ensure this benefit, a service level agreement (SLA) should articulate how much added capacity is guaranteed to be available for periods of peak usage.
- Guaranteed availability. A company’s business will grind to a halt if connections to the cloud are severed. Therefore, it is vital that a vendor provide an SLA guaranteeing availability, reliability, and redundancy.
- Guaranteed storage. Managed storage is a must, with integrated backup and restore capabilities.
2. How is the data encrypted?
Sound encryption protects the integrity and availability of data hosted in the cloud, ensuring that data remains confidential even if it falls into the wrong hands. Because of the immense importance of data integrity and confidentiality, a company should require that a vendor facilitate this level of security.
Encryption procedures may include SSL connections, virtual private networks (VPNs), encryption systems, and encryption key management. Encryption should extend from desktops and laptops to the handheld devices that are proliferating every day. Depending on the industry a company is part of, encryption systems may need to comply with such regulations as PCI DSS, HITECH, or HIPAA.
3. How is the data protected?
Intrusion detection and prevention is paramount in a society rife with hackers and identity theft. A company should carefully examine the vendor’s firewalls, vulnerability scanning capabilities, threat management, log management, antivirus services, virtual LANs (VLANs), virtual routers, and virtual switches.
The answers to these three questions will contribute significantly to your security in the cloud.
The last post in the series will address security in the cloud with regard to the access people have to the cloud.
Other articles in this series: