According to Gartner, organizations are more likely to have a policy against sharing sensitive data with their business partners than with their cloud provider. But when it comes to sharing sensitive data, particularly with your cloud provider, one word comes to mind – Accountability. Your organization needs to be accountable for what data gets moved to the cloud and the state it’s in when it gets there (firewalls, encryption, policies, etc.). Businesses need to focus on following best practices and policies for cloud security rather than relying on the cloud provider for security features.
Who is responsible for information security in the cloud?
Cloud service providers are asked to ensure and continuously verify the effectiveness of their security strategies. But knowing only the security measures applied by the cloud service provider is not sufficient for businesses to protect data. Ultimately, the organization bears the responsibility for data security regardless of what cloud services it uses.
Questions you should have an answer for
Before deciding to migrate to cloud platforms, you should have the answers to these questions:
- What are the possible consequences of a breach? Do we understand the risks of a breach?
- What skills and resources do we have to monitor the service level of the cloud service provider?
- Which security regulations/standards does my industry require? (You can find additional info related to industry-specific regulations here.)
- Can I keep a record of what type of data is stored in the cloud? How?
- What are our gaps, in terms of corporate, compliance, and security policies?
- How strong do my password policies need to be?
- What are our specific requirements with respect to security and compliance?
- What periodic reviews, internal audits, or reporting must be conducted to ensure the appropriate level of data security?
Ensuring information security best practices
The Cloud Security Alliance (CSA) encourages transparency of security practices within cloud providers through the promotion of best practices for security assurance in the cloud. CSA publishes and maintains the Security, Trust and Authority Registry (STAR) that addresses 13 key domains. One is Cloud Portability and Interoperability, and another one is Virtualization.
When choosing a cloud service provider, security should always be a priority. Organizations should ensure that their provider can support their requirements with respect to security and compliance. They should also be aware of the provider’s plan for access control, including application and personnel access. Always be sure to ask the appropriate questions about the security of data, and have a full understanding of the provider’s plans for data encryption and key security.
RiverMeadow Software Inc. develops industry-leading SaaS that automates the migration of physical, virtual and cloud-based servers (live and as-is) into and between public, private and hybrid clouds. Our RiverMeadow cloud migration SaaS is a rapid cloud migration solution developed specifically for Carrier and Service Provider Cloud IaaS platforms. Without having to install agents or quiesce servers, the RiverMeadow SaaS dramatically reduces the cost and complexity of cloud migration, enabling Carriers and Service Providers to quickly, easily and cost-efficiently deliver the benefits of cloud elasticity to enterprise and SMB customers. For more information contact us at firstname.lastname@example.org.