Security In The Cloud: Logs, Audits, Encryption…

Security In The Cloud: Logs, Audits, Encryption…

Considering a move to the cloud for one or several of your key services? If so, you are not alone. Cloud computing is growing exponentially as more and more vendors are starting to offer services, and as more businesses are beginning to see the potential for cost savings as well as the ability to offer new services that were beyond their capacity. When moving services to the cloud, you are moving critical parts of your IT infrastructure and corporate information assets to systems that you will not have direct administrative access to. You will be relying on your vendor to provide security, auditing, and change management for these components, and will be relying upon them to secure your data.

Security in the cloud is very good, and in many cases the economies of scale vendors have at their disposal along with the specialized staffing means it will be better than what you could reasonably accomplish on your own, but you do want to make sure you understand all aspects of security in the cloud.

Audits

Let’s get the biggest one out of the way first; audits. Find out what security audits and accreditations your vendor goes through, and make sure they are compatible with any requirements (contractual or legislative) you may be under. ISO 20000, 27001, SAS70 Types 1 and 2, and others are all relevant, but your vendor will obtain one or more of these on their own, and share those results with their customers, but they will almost never let you perform your own audit unless you they are hosting a private cloud for you, and then your access scope will be limited to that which is dedicated to you.

Logs

Logs will usually be accessible or provided to you by request, but the retention period may not be as long as you would like to have on premise. Make sure you discuss logging, retention periods, access requests, and the level of detail with your provider so that you are comfortable with it.

Physical security

Cloud service providers will frequently have extremely good physical security, and that may mean that customers are not permitted to visit datacenters. Remember, we are discussing cloud services, not hosted datacenters, so your data might move from one datacenter to another dynamically anyway, so scheduling a site visit might prove fruitless anyway, unless you merely want to see an example site for your own satisfaction.

Encryption of data at rest

If you require encryption of data at rest, make sure you discuss this with your vendor early on in the sales discussions. Many cloud service providers won’t use encryption for data at rest. Key management between cloud datacenters can be a challenge, and the physical security already in place may make this an unnecessary (to them) extra bit of overhead.

Encryption of data in motion

Discuss how certificate management will be handled to make sure you understand all PKI requirements. Your provider may handle certificate management for you but don’t assume that means you won’t have any responsibilities for validation or authorization. At the same time, even if you are willing to accept the risk of clear text transmissions, you may find that unsupported by your vendor.

Physical location of data

Some countries have laws requiring that data reside within the borders of that country. Your customers may also want to make certain all their data remains in-country. Check with your legal team to make sure you understand those requirements and work with your vendor to understand their datacenter geographic boundaries.

Datacenter employees

Discuss the interviewing, background checks, vetting, bonding, drug testing, etc. that your vendor goes through for all employees to make sure you are comfortable with that. You may have to create or accept generic admin accounts, rather than working with a named account for every individual, and if you have requirements regarding the citizenship of administrative users, make sure you go over that with your vendor too.

There are a few things you want to make sure you understand about your relationship with your vendor of choice, and what you will and will not be able to do as it relates to security settings and audits, and you will need to work with your legal team to ensure that any existing contracts or legislation are compatible.

So work with your vendor to make sure you understand these things completely, and to your satisfaction. Ask questions, request audit reports and customer references, and do your homework. Security in the cloud is not something to take on faith; responsible vendors should have all the information you require and be willing to provide it within reasonable time frames. Just don’t be surprised they request an NDA before sharing specific audit findings, and if they don’t permit site visits.

By Casper Manes

This article was written by Casper Manes on behalf of IT Channel Insight, a site for MSPs and Channel partners where you can find other related articles to cloud services 

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

3 Responses to Security In The Cloud: Logs, Audits, Encryption…

  1. Just read your post and would like to thank you for maintaining such a cool blog. Just like my friend Edward I am also a folder lock user and I was surprised when I came to know that it also offers free online backup with fast and secure encryption.
     

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery

Cloud Infographic – The Power Of Cloud Disaster Recovery Preventing a Cloud Disaster is one thing. Recovering from a disaster is a whole other area of concern. Today’s infographic provided by CloudVelox outlines some best practices and safeguards in order to help your business make more informed decisions. About Latest Posts Follow Us!CloudTweaksEstablished in 2009,…

Cloud Infographic: Most Used Cloud Apps

Cloud Infographic: Most Used Cloud Apps

Cloud app and analytics company, Netskope released its quarterly Cloud Report. The new report reveals that enterprise employees are using an average of 397 different cloud apps (most of which are unsanctioned), when IT estimated they have 40-50 — that’s a tenfold underestimation. Below is an infographic provided courtesy of the group at Netskope which goes into further detail.…

IBM and SAP Announce Industry’s Largest Cloud Deal

IBM and SAP Announce Industry’s Largest Cloud Deal

IBM and SAP Announce Industry’s Largest Cloud Deal IBM and SAP have shaken the cloud computing world this afternoon with the announcement of one of the largest cloud deals in the industry’s history – bringing together two of the largest technology companies in a bid to offer a more holistic service to their clients. SAP…

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to…

Featured Sponsors

Moving From Email Into The Cloud

Moving From Email Into The Cloud

Mobile Collaboration In The Cloud Imagine that you, as a manager, are told by the powers that be that you have to find “efficiencies” within your department that will result in one million dollars of savings annually. You struggle with this. You send an email to everyone on your senior team. “Where can we save…

Sponsors

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future of Work: What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter