Tuesday, February 24, 2015

Cloud Computing Security Considerations

Cloud Computing Security Considerations

Today the buzz word is Cloud; we hear everything is moving to the cloud most of the time. But how safe is our data in the cloud? There is no definitive answer to this. The reason being nothing is safe when it’s not in our possession.
There are many factors to consider when choosing a cloud provider and one of the main factors is security. Many of the major players haven’t adopted public cloud still because of data breaches and data loss in Cloud is very difficult to monitor and audit.
Last year, I did a Proof of Concept for a major educational institution which was inclining to move to a public cloud. The feasibility study’s main intention was to understand the pros and cons of moving the student database to a cloud provider. When I started gathering the information for this project first thing that stuck me was how do we trust the provider? Where are they storing the data? Who are we sharing the platform and infrastructure with? And so on…
So here are some points to consider when choosing a cloud vendor (from kind of security perspective)
  • How much do we know about the cloud provider as in their reputation, company policies, etc
  • What is their business continuity plan and disaster recovery plan
  • What are we moving to the cloud and what is the security classification of our data
  • What is the security classification of our data in their model
  • What type of secure connectivity does the cloud provider provide
  • If their backup is adequate enough and meets our needs
  • If their SLA for availability meets our data availability requirements
  • Does the provider’s outage policies affect my business internally and externally
  • How about data loss and corruption prevention policies
  • What level of storage sanitization is done after my data’s end of life
  • Who do we share the same infrastructure and platform with?
  • What are the security certifications the provider has and what are relevant to me
  • Who do they share their company data and reports with?
  • Are the applications safe enough and have leakage protection
  • What type of encryption they use and where all are they implemented
  • The hardware and software the provider uses is trustworthy and certified at international standards
  • What are the auditing standards the provider has and can we audit using 3rdparty firms
  • Where are their NOCs and SOCs located and how quickly can we reach each other
  • Our data is encrypted and cannot be decrypted by the provider
  • What are my legal requirements and can they be matched to the provider’s offering
  • What level of access do my users have to the data and how are they restricted
  • Who are their subcontractors and are they certified as well
  • And more…
This is not a comprehensive list but this should help any company considering moving to cloud to understand their requirements in choosing a cloud vendor! The quickest way to cloud is none and any company should consider the providers in their city or state first. This will help in many factors including location access, legal requirements and visit to the cloud easy.

No comments:

YouTube Channel