July 18, 2013

What Should You Look For In A Cloud Security Vendor?

By CloudTweaks

Cloud Security Vendor

Protecting the security of your cloud data during its transmission, storage, and access is an ongoing, fundamental concern as technology continues to evolve, intrusion possibilities increase, and BYOD becomes more common. Here are the five areas to consider when evaluating how the security of your cloud vendor stacks up.

How is My Data Physically Protected?

Any potential problem or threat to the physical data center should be covered from every angle, with continual and back up protection plans in place. Environmental controls should be systematic through proactive care and maintenance of the data center, including fire detection and suppression systems, climate and temperature controls, and 24/7 electrical power with redundancy and generator backup. It also means consistent identification and problem resolution for electrical, mechanical, and other systems for ongoing equipment operability.

How do I know Transmission Over the Network is Secure?

Encryption for data in transit over the network should be at the most advanced level—such as 256-bit SSL—and include enterprise-grade security measures over networks without WAN or VPN controls (like many companies these days). Additionally, advanced network security protection such as unique key management functionality is recommended.

How is My Data Protected in the Cloud?

Data stored in the cloud should be protected with the strictest authentication and access controls. Stored data should be encrypted, such as with 256-bit AES.

When it comes to file retention and version control, the customers should be able to enforce their own retention policies. They should also be able to remove access for single accounts if desired. This means that if a hacker gains access to the data of one company, they do not gain access to any other companies’ data. Customer access to data should be controlled by 2-factor encryption. Data compartmentalization schemes ideally utilize a multi-pronged segregation approach, with the following types of measures in place: access credentials, customer meta data with the use of S3 buckets and unique 256 AET encryption keys.

How is Data Access Managed?

The need of users to retrieve data must be weighed against the security of data access itself. Access to data should require single sign-on with SAML 2.0, as well as multi-step authentication, such as two-factor encryption-based credentials and use of a different PIN entry each time.

Access controls by the customer should also be available by different and separate admin roles, such as a server or profile administrator, based on their responsibility for data access. The cloud vendor should not have any access to the company’s data unless expressly permitted by the customer.

The customer should be able to set access controls for different roles, such as server or profile administrator, based on their responsibility for data access.

In order to provide transparency and accountability, there should be a complete audit trail of all data access activity available.

What Happens to Data if a Disaster or Failure Occurs?

In case of disaster such as power or other data center failure, service levels and data access should still be maintained. This can be achieved with data redundancy controls, such as having separate data centers clustered in key global regions and multi-zone redundancy in case failure occurs in any one zone.

No matter how cloud technology changes, end-to-end data protection is a must. Find out how your cloud vendor secures its data from all points.

 

By Srivatsan Srinivasan, 

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services. Contact us for ways on how to contribute and support our dedicated cloud community.
Anastasios Arampatzis

Insider Threats: The Trojan Horses in Intellectual Property Theft

The Invisible Enemy In the rapidly evolving landscape of global business, intellectual property (IP) stands [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more
Derek Pilling

Is My Data Architecture Multi-Cloud or Multiple Cloud?

Multi-Cloud or Multiple Cloud? In the post, What is Multi-Cloud?, we defined multi-cloud in the [...]
Read more

5 Reasons You Need DAST to Secure Your Cloud

5 Reasons You Need DAST to Secure Your Cloud What Is DAST? Dynamic Application Security [...]
Read more
Stacey Farrar

Copilot Is Here: What to know before migrating to Microsoft 365

Migrating to Microsoft 365 Microsoft is the latest company to unveil enhanced artificial intelligence (AI) [...]
Read more
Randy

2024 Cloud Security Trends: Navigating the Evolving Landscape of Protection and Backup

2024 Cloud Security Trends Cloud protection and backup trends in 2024 are evolving rapidly, influenced [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.