The Lighter Side Of The Cloud – Server Management
The Lighter Side Of The Cloud – K.I.S.S
The Lighter Side Of The Cloud – Disaster Recovery Plan

Security In The Cloud: Logs, Audits, Encryption…

Security In The Cloud: Logs, Audits, Encryption…

Considering a move to the cloud for one or several of your key services? If so, you are not alone. Cloud computing is growing exponentially as more and more vendors are starting to offer services, and as more businesses are beginning to see the potential for cost savings as well as the ability to offer new services that were beyond their capacity. When moving services to the cloud, you are moving critical parts of your IT infrastructure and corporate information assets to systems that you will not have direct administrative access to. You will be relying on your vendor to provide security, auditing, and change management for these components, and will be relying upon them to secure your data.

Security in the cloud is very good, and in many cases the economies of scale vendors have at their disposal along with the specialized staffing means it will be better than what you could reasonably accomplish on your own, but you do want to make sure you understand all aspects of security in the cloud.

Audits

Let’s get the biggest one out of the way first; audits. Find out what security audits and accreditations your vendor goes through, and make sure they are compatible with any requirements (contractual or legislative) you may be under. ISO 20000, 27001, SAS70 Types 1 and 2, and others are all relevant, but your vendor will obtain one or more of these on their own, and share those results with their customers, but they will almost never let you perform your own audit unless you they are hosting a private cloud for you, and then your access scope will be limited to that which is dedicated to you.

Logs

Logs will usually be accessible or provided to you by request, but the retention period may not be as long as you would like to have on premise. Make sure you discuss logging, retention periods, access requests, and the level of detail with your provider so that you are comfortable with it.

Physical security

Cloud service providers will frequently have extremely good physical security, and that may mean that customers are not permitted to visit datacenters. Remember, we are discussing cloud services, not hosted datacenters, so your data might move from one datacenter to another dynamically anyway, so scheduling a site visit might prove fruitless anyway, unless you merely want to see an example site for your own satisfaction.

Encryption of data at rest

If you require encryption of data at rest, make sure you discuss this with your vendor early on in the sales discussions. Many cloud service providers won’t use encryption for data at rest. Key management between cloud datacenters can be a challenge, and the physical security already in place may make this an unnecessary (to them) extra bit of overhead.

Encryption of data in motion

Discuss how certificate management will be handled to make sure you understand all PKI requirements. Your provider may handle certificate management for you but don’t assume that means you won’t have any responsibilities for validation or authorization. At the same time, even if you are willing to accept the risk of clear text transmissions, you may find that unsupported by your vendor.

Physical location of data

Some countries have laws requiring that data reside within the borders of that country. Your customers may also want to make certain all their data remains in-country. Check with your legal team to make sure you understand those requirements and work with your vendor to understand their datacenter geographic boundaries.

Datacenter employees

Discuss the interviewing, background checks, vetting, bonding, drug testing, etc. that your vendor goes through for all employees to make sure you are comfortable with that. You may have to create or accept generic admin accounts, rather than working with a named account for every individual, and if you have requirements regarding the citizenship of administrative users, make sure you go over that with your vendor too.

There are a few things you want to make sure you understand about your relationship with your vendor of choice, and what you will and will not be able to do as it relates to security settings and audits, and you will need to work with your legal team to ensure that any existing contracts or legislation are compatible.

So work with your vendor to make sure you understand these things completely, and to your satisfaction. Ask questions, request audit reports and customer references, and do your homework. Security in the cloud is not something to take on faith; responsible vendors should have all the information you require and be willing to provide it within reasonable time frames. Just don’t be surprised they request an NDA before sharing specific audit findings, and if they don’t permit site visits.

By Casper Manes

This article was written by Casper Manes on behalf of IT Channel Insight, a site for MSPs and Channel partners where you can find other related articles to cloud services 

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

One Response to Security In The Cloud: Logs, Audits, Encryption…

  1. Just read your post and would like to thank you for maintaining such a cool blog. Just like my friend Edward I am also a folder lock user and I was surprised when I came to know that it also offers free online backup with fast and secure encryption.
     

Popular

5 Surprising Ways Cloud Computing Is Changing Education

5 Surprising Ways Cloud Computing Is Changing Education

Cloud Computing Education The benefits of cloud computing are being recognized in businesses and institutions across the board, with almost 90 percent of organizations currently using some kind of cloud-based application. The immediate benefits of cloud computing are obvious: cloud-based applications reduce infrastructure and IT costs, increase accessibility, enable collaboration, and allow organizations more flexibility…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some of the exciting…

Five Reasons SMBs Fear The Cloud

Five Reasons SMBs Fear The Cloud

Five Reasons SMBs Fear the Cloud Fear of the cloud has been around since the Cloud began. SMBs were traditionally afraid of security issues, while large companies fretted about increasing the complexity of their IT infrastructure. What many budding start-up companies don’t realise is Cloud Computing helps place them on a level playing field with…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at least one cloud-based application.…

Recent

The Importance Of Cloud Security For Wearable Technology

The Importance Of Cloud Security For Wearable Technology

Wearable Technology Starts With Cloud Security The integration of wearable technology into our society is all but inevitable. Today, major players in the wearable tech field include Google, Fitbit, Boston Scientific and Apple. As users continue to demand ever increasing availability and functionality from their devices, so do security concerns for wearable tech. The future…

Customer Success Guidelines – In A World Gone Cloud

Customer Success Guidelines – In A World Gone Cloud

Customer Success Guidelines for Maximum Upselling and Cross-Selling in a World Gone Cloud With the growth of the subscription economy, companies can no longer assume that a sale means that the deal is closed. Companies need to prove their worth every minute of every hour, every hour of every day and so on. A big…

Why You Should Be Concerned About Drone Security

Why You Should Be Concerned About Drone Security

Why You Should Be Concerned About Drone Security Over the past decade, drones, also known as UAVs (unmanned aerial vehicles), have become a fact of life. Beginning as underpublicized but extremely effective items in the U.S. military’s arsenal, drones have since come into wide use by government agencies for everything from geographic surveys to law…

Contact Us

Sending
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising