The Lighter Side Of The Cloud – Staff Relocation
The Lighter Side Of The Cloud – BYOD
The Lighter Side Of The Cloud: Magical
The Lighter Side Of The Cloud – Mischievous Easter Bunny

Security In The Cloud: Logs, Audits, Encryption…

Security In The Cloud: Logs, Audits, Encryption…

Considering a move to the cloud for one or several of your key services? If so, you are not alone. Cloud computing is growing exponentially as more and more vendors are starting to offer services, and as more businesses are beginning to see the potential for cost savings as well as the ability to offer new services that were beyond their capacity. When moving services to the cloud, you are moving critical parts of your IT infrastructure and corporate information assets to systems that you will not have direct administrative access to. You will be relying on your vendor to provide security, auditing, and change management for these components, and will be relying upon them to secure your data.

Security in the cloud is very good, and in many cases the economies of scale vendors have at their disposal along with the specialized staffing means it will be better than what you could reasonably accomplish on your own, but you do want to make sure you understand all aspects of security in the cloud.

Audits

Let’s get the biggest one out of the way first; audits. Find out what security audits and accreditations your vendor goes through, and make sure they are compatible with any requirements (contractual or legislative) you may be under. ISO 20000, 27001, SAS70 Types 1 and 2, and others are all relevant, but your vendor will obtain one or more of these on their own, and share those results with their customers, but they will almost never let you perform your own audit unless you they are hosting a private cloud for you, and then your access scope will be limited to that which is dedicated to you.

Logs

Logs will usually be accessible or provided to you by request, but the retention period may not be as long as you would like to have on premise. Make sure you discuss logging, retention periods, access requests, and the level of detail with your provider so that you are comfortable with it.

Physical security

Cloud service providers will frequently have extremely good physical security, and that may mean that customers are not permitted to visit datacenters. Remember, we are discussing cloud services, not hosted datacenters, so your data might move from one datacenter to another dynamically anyway, so scheduling a site visit might prove fruitless anyway, unless you merely want to see an example site for your own satisfaction.

Encryption of data at rest

If you require encryption of data at rest, make sure you discuss this with your vendor early on in the sales discussions. Many cloud service providers won’t use encryption for data at rest. Key management between cloud datacenters can be a challenge, and the physical security already in place may make this an unnecessary (to them) extra bit of overhead.

Encryption of data in motion

Discuss how certificate management will be handled to make sure you understand all PKI requirements. Your provider may handle certificate management for you but don’t assume that means you won’t have any responsibilities for validation or authorization. At the same time, even if you are willing to accept the risk of clear text transmissions, you may find that unsupported by your vendor.

Physical location of data

Some countries have laws requiring that data reside within the borders of that country. Your customers may also want to make certain all their data remains in-country. Check with your legal team to make sure you understand those requirements and work with your vendor to understand their datacenter geographic boundaries.

Datacenter employees

Discuss the interviewing, background checks, vetting, bonding, drug testing, etc. that your vendor goes through for all employees to make sure you are comfortable with that. You may have to create or accept generic admin accounts, rather than working with a named account for every individual, and if you have requirements regarding the citizenship of administrative users, make sure you go over that with your vendor too.

There are a few things you want to make sure you understand about your relationship with your vendor of choice, and what you will and will not be able to do as it relates to security settings and audits, and you will need to work with your legal team to ensure that any existing contracts or legislation are compatible.

So work with your vendor to make sure you understand these things completely, and to your satisfaction. Ask questions, request audit reports and customer references, and do your homework. Security in the cloud is not something to take on faith; responsible vendors should have all the information you require and be willing to provide it within reasonable time frames. Just don’t be surprised they request an NDA before sharing specific audit findings, and if they don’t permit site visits.

By Casper Manes

This article was written by Casper Manes on behalf of IT Channel Insight, a site for MSPs and Channel partners where you can find other related articles to cloud services 

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

One Response to Security In The Cloud: Logs, Audits, Encryption…

  1. Just read your post and would like to thank you for maintaining such a cool blog. Just like my friend Edward I am also a folder lock user and I was surprised when I came to know that it also offers free online backup with fast and secure encryption.
     

FREE! POPULAR RESEARCH TOOLS

Popular Archives

4 Different Types of Attacks – Understanding the “Insider Threat”

4 Different Types of Attacks – Understanding the “Insider Threat”

Understanding the “Insider Threat”  The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat. The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what…

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…

Recent

Cloud Infographic – Top Vulnerable Applications

Cloud Infographic – Top Vulnerable Applications

Top Vulnerable Applications  As you use the Internet on a daily basis, you probably come across cyber security topics, but rarely glance at them twice. After all, cyber security threats don’t concern you, right? Well, that’s not exactly true. Cyber attacks are more widespread than you can imagine and they may be targeting your devices as…

The Lighter Side Of The Cloud – Whatever Happened To Alone Time?

The Lighter Side Of The Cloud – Whatever Happened To Alone Time?

By David Fletcher Are you looking to supercharge your Newsletter, Powerpoint presentation, Social media campaign or Website? Our universally recognized tech related comics can help you. Contact us for information on our commercial licensing rates.  About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information.…

MOST RECENT - Posted by
New Trends In Cloud Based Education

New Trends In Cloud Based Education

Cloud Based Education With technological progress accelerating and users’ computer experience becoming richer and increasingly complex, the future developments in education technology is very exciting. Students are now able to attend demonstration sessions on how to handle technology through remote laboratories using advanced applications in a truly interactive environment. One of these exciting areas is in telemedicine.…

The Many Hats Of Today’s IT Managers

The Many Hats Of Today’s IT Managers

The Many Hats of IT Managers In years past, the IT department of most large organizations was much like a version of Middle Earth: a mysterious nether world where people who seemed infinitely smarter than the rest of us bustled around, speaking and typing languages that appeared indecipherable, yet, which made our world work. They…

Selling Your Business To Your Employees

Selling Your Business To Your Employees

Mobility For Your Employees It may seem a radical notion, the idea of selling your business to the people who work for you, but this is the era in which we now work. Employees of all levels are all incredibly aware of their options when it comes to mobility and employability. This doesn’t mean that…

Technology Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG
Advertising ROI Plans

Established in 2009

CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising