Security In The Cloud: Logs, Audits, Encryption…

Security In The Cloud: Logs, Audits, Encryption…

Considering a move to the cloud for one or several of your key services? If so, you are not alone. Cloud computing is growing exponentially as more and more vendors are starting to offer services, and as more businesses are beginning to see the potential for cost savings as well as the ability to offer new services that were beyond their capacity. When moving services to the cloud, you are moving critical parts of your IT infrastructure and corporate information assets to systems that you will not have direct administrative access to. You will be relying on your vendor to provide security, auditing, and change management for these components, and will be relying upon them to secure your data.

Security in the cloud is very good, and in many cases the economies of scale vendors have at their disposal along with the specialized staffing means it will be better than what you could reasonably accomplish on your own, but you do want to make sure you understand all aspects of security in the cloud.

Audits

Let’s get the biggest one out of the way first; audits. Find out what security audits and accreditations your vendor goes through, and make sure they are compatible with any requirements (contractual or legislative) you may be under. ISO 20000, 27001, SAS70 Types 1 and 2, and others are all relevant, but your vendor will obtain one or more of these on their own, and share those results with their customers, but they will almost never let you perform your own audit unless you they are hosting a private cloud for you, and then your access scope will be limited to that which is dedicated to you.

Logs

Logs will usually be accessible or provided to you by request, but the retention period may not be as long as you would like to have on premise. Make sure you discuss logging, retention periods, access requests, and the level of detail with your provider so that you are comfortable with it.

Physical security

Cloud service providers will frequently have extremely good physical security, and that may mean that customers are not permitted to visit datacenters. Remember, we are discussing cloud services, not hosted datacenters, so your data might move from one datacenter to another dynamically anyway, so scheduling a site visit might prove fruitless anyway, unless you merely want to see an example site for your own satisfaction.

Encryption of data at rest

If you require encryption of data at rest, make sure you discuss this with your vendor early on in the sales discussions. Many cloud service providers won’t use encryption for data at rest. Key management between cloud datacenters can be a challenge, and the physical security already in place may make this an unnecessary (to them) extra bit of overhead.

Encryption of data in motion

Discuss how certificate management will be handled to make sure you understand all PKI requirements. Your provider may handle certificate management for you but don’t assume that means you won’t have any responsibilities for validation or authorization. At the same time, even if you are willing to accept the risk of clear text transmissions, you may find that unsupported by your vendor.

Physical location of data

Some countries have laws requiring that data reside within the borders of that country. Your customers may also want to make certain all their data remains in-country. Check with your legal team to make sure you understand those requirements and work with your vendor to understand their datacenter geographic boundaries.

Datacenter employees

Discuss the interviewing, background checks, vetting, bonding, drug testing, etc. that your vendor goes through for all employees to make sure you are comfortable with that. You may have to create or accept generic admin accounts, rather than working with a named account for every individual, and if you have requirements regarding the citizenship of administrative users, make sure you go over that with your vendor too.

There are a few things you want to make sure you understand about your relationship with your vendor of choice, and what you will and will not be able to do as it relates to security settings and audits, and you will need to work with your legal team to ensure that any existing contracts or legislation are compatible.

So work with your vendor to make sure you understand these things completely, and to your satisfaction. Ask questions, request audit reports and customer references, and do your homework. Security in the cloud is not something to take on faith; responsible vendors should have all the information you require and be willing to provide it within reasonable time frames. Just don’t be surprised they request an NDA before sharing specific audit findings, and if they don’t permit site visits.

By Casper Manes

This article was written by Casper Manes on behalf of IT Channel Insight, a site for MSPs and Channel partners where you can find other related articles to cloud services 

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

3 Responses to Security In The Cloud: Logs, Audits, Encryption…

  1. Just read your post and would like to thank you for maintaining such a cool blog. Just like my friend Edward I am also a folder lock user and I was surprised when I came to know that it also offers free online backup with fast and secure encryption.
     

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Monetization of the Internet of Things – Q&A With Brendan O’Brien

Monetization of the Internet of Things – Q&A With Brendan O’Brien

Q&A With Brendan O’Brien, Co-Founder of Aria Systems (Part 1) Monetization of the internet of things (IoT) is one of the most exciting and challenging issues facing the industry today, so we spoke with Brendan O’Brien to learn more. Brendan is the Co-Founder of Aria Systems, who are one of the leading innovators in recurring…

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow

Cloud Infographic: The Education Of Tomorrow  Online Education is a very exciting topic for many as it opens up many new doors and opportunities. We’ve touched on areas such as Massive Open Online Sources (MOOC) which provides tremendous levels of cloud based interconnectivity. We’ve taken a look into higher education,  the increased demand for online courses as well as…

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Cloud Infographic: Cloud Public, Private & Hybrid Differences

Many people have heard of cloud computing. There is however a tremendous number of people who still cannot differentiate between Public, Private & Hybrid cloud offerings.  Here is an excellent infographic provided by the group at iWeb which goes into greater detail on this subject. Infographic source: iWeb About Latest Posts Follow Us!CloudTweaksEstablished in 2009,…

Cloud Computing Offers Key Benefits For Small, Medium Businesses

Cloud Computing Offers Key Benefits For Small, Medium Businesses

A growing number of small and medium businesses in the United States rely on as a means of deploying mission-critical software products. Prior to the advent of cloud-based products — software solutions delivered over the Internet – companies were often forced to invest in servers and other products to run software and store data. The…

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…

Featured Sponsors

The Internet of Everything Opens Up The World

The Internet of Everything Opens Up The World

Shaping The World With New Technologies As a connected collection of intelligent objects, the Internet of Everything promises to open up those areas of the world hardest hit by economic, political and agricultural blights. Relatively inexpensive devices, paired with revolutionary energy sources and unprecedented access to information offer great promise to farmers and workers in…

2015 Advertising Opportunities - Find Out More!

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Blue square_logo_100x100-01
cisco_logo_100x100 vmware citrix100

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter