The cloud is here to stay.
While some will run in fear of the unknown, others know using the cloud makes sense when it comes to flexibility, cost effectiveness and capacity. These aren’t the only considerations businesses should be referring to when it comes to the cloud, however. It is also extremely necessary to give importance to the security of the data that they wish to store there.
This is because the attacks which are typical in on-premise centres, such as malware, botnets, and brute force attacks, for example, are now also honing in on cloud environments. In addition, the variety of attacks which are in existence and are a threat to companies in the cloud has increased this year to rival that of on-premise data centres. Finally, solutions on which security professionals conventionally rely to combat these threats aren’t sufficient when data moves to the cloud.
In order to be assured that your provider takes the security of your data seriously, make sure you determine whether the cloud service provider business with can answer the following questions with confidence:
1. What is their data encryption strategy and how is it implemented?
2. What is the hypervisor and provider infrastructure patching schedule?
3. How do you isolate and safeguard my data from other customers?
4. How is user access monitored, modified, and documented?
5. What regulatory requirements does the provider subscribe to?
6. What is the provider’s back-up and disaster recovery strategy?
7. What visibility will the provider offer your organisation into security processes and events
Of course, these aren’t the only questions to ask when it comes to security, but it is a pretty good start whether you’re commencing a new project or have been with a cloud service provider for many years. The degree of competence evident in the answers given to the questions above will help you judge just how secure your data could be with that cloud provider and how seriously they take data security more generally.
By Stephen Coty, chief security evangelist for Alert Logic
About Alert Logic
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.