Choosing A Cloud Hosting Provider with Confidence
Cloud computing is rapidly transforming the IT landscape, and the conversation around adopting cloud technology has progressed from “if” to “when .” Enterprises are showing strong interest in outsourced (“public”) cloud offerings that can help them reduce costs and increase business agility. These cloud services offer enormous economic benefits but they also pose significant potential risks for enterprises that must safeguard corporate information assets while complying with a myriad of industry and government regulations.
Many cloud service providers can deliver the security that enterprises need and SSL (secure sockets layer) certificates are part of the solution. More specifically, SSL is the solution for securing data when it is in motion. The goal of this white paper is to help enterprises make pragmatic decisions about where and when to use cloud solutions by outlining specific issues that enterprises should raise with hosting providers before selecting a vendor, and by highlighting the ways in which SSL from a trusted Certificate Authority (CA) can help enterprises conduct business in the cloud with confidence.
For the enterprise, cloud services offer lower IT capital expenditures and operating costs, on-demand capacity with self-service provisioning, and pay-per-use pricing models for greater flexibility and agility. The service provider, in turn, achieves exponentially greater economies of scale by providing a standardized set of computing resources to a large base of customers. Many enterprise hosting providers are already well positioned in the market and have the core competencies (people, processes, technology) to deliver the promise of cloud computing to the enterprise.
Despite the clear economic benefits of using cloud services, concerns about security, compliance and data privacy have slowed enterprise adoption. An IDC survey of IT executives reveals that security is the #1 challenge facing IT cloud services. Gartner Research has identified seven specific areas of security risk associated with enterprise cloud computing, and recommends that organizations address several key issues when selecting a cloud hosting provider:
• Access privileges – Cloud service providers should be able to demonstrate they enforce adequate hiring, oversight and access controls to enforce administrative delegation.
• Regulatory compliance – Enterprises are accountable for their own data even when it’s in a public cloud, and should ensure their providers are ready and willing to undergo audits.
• Data provenance – When selecting a provider, ask where their datacenters are located and if they can commit to specific privacy requirements.
• Data segregation – Most public clouds are shared environments, and it is critical to make sure hosting providers can guarantee complete data segregation for secure multi-tenancy.
• Data recovery – Enterprises must make sure their hosting provider has the ability to do a complete restoration in the event of a disaster.
• Monitoring and reporting – Monitoring and logging public cloud activity is hard to do, so enterprises should ask for proof that their hosting providers can support investigations.
• Business continuity – Businesses come and go, and enterprises should ask hard questions about the portability of their data to avoid lock-in or potential loss if the business fails.