Cloud Chivalry – Provider Pride

Cloud Chivalry – Provider Pride

As cloud deployments gain popularity, increasing attention is paid to provider security strength. The cloud security alliance, for example, releases a yearly list of top threats, covering everything from malicious use, data loss, and service hijacking. Heightened public awareness of the cloud has led to oddly intuitive feelings of insecurity – if data resides off-site, it must surely be less secure.

Though it’s hard to imagine cloud providers with shield raised against whatever virtual attack might breach a client’s peace, there’s an increasing need for solid cloud security – cloud chivalry, even – which defends otherwise helpless company data from attack. Public and private providers have responded; in many cases, cloud deployments are now more secure than local servers.

Here are three simple ways spot knight-like providers.

Secure Priorities

All cloud deployments require trust. Companies entrust their provider with critical data and expect a measure of care in return. Because cloud computing is still a maturing technology, standard wording does not exist for security in most service-level agreements, meaning company IT professionals need to evaluate providers on a case-by-case basis.

The first sign of a trustworthy provider is their willingness to talk about security concerns. Not only should responsibilities be spelled out in an agreement – with clear expectations for both provider and customer – but there should be evidence of careful thought in security design. Cloud computing offers fertile ground for startup providers and tempting fruit for tech giants; secure providers are those who commit fully to the cloud, rather than attempt to tack on services bit by bit. Look for the total package.

Optimal Protection

Once you’ve identified a tentative provider, consider specifics. While the physical security of an off-site storage location is important, including 24/7 monitoring and controls to prevent data loss or damage – it’s important that storage architecture goes beyond the basics. This means taking measures to isolate workloads in shared tenancy, in turn preventing accidental cross-contamination on a physical server. Providers should be aware of not only potential threats from beyond a storage facility but understand the interconnected nature of their compute offering: what affects a single customer affects many.

Administrative Access

It’s also important to consider access. While cloud chivalry includes a certain amount of trust extended to third-party providers, these providers need clear-cut access polices. Company IT pros should always have access to their data, and provider admins should only need data access for specific circumstances. No access should ever go unrecorded, and companies should always be kept in the data-use loop.

Cloud security is simpler than much media hype makes it seem. Providers are crucial in the defense of data, and it’s getting easier to separate knaves from knights.

By Doug Bonderud,

Doug Bonderud is a freelance writer, cloud proponent, business technology analyst and a contributor on the Dataprise Cloud Services website.

Follow Us!

cloudtweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

cloud-sponsorship

Add Comment Here