A number of recent surveys on cloud computing have shown that security in the cloud is the number one concern among organizations considering cloud adoption.
Large enterprises are still cautious about moving their applications and data to the cloud environment as many of them view it as a complete loss of control over security and data. There are many arguments within the IT community about whether the shortcomings of the cloud, with security being the most stated one, will outweigh the benefits or not. The obvious reality is that the cloud is still evolving, and solution providers battling for customer attention are developing and deploying more sophisticated security measures to ensure best security and privacy practices.
Some experts in the cloud domain even claim that the expertise of established giants of the cloud industry, such as Google, can provide higher security considering that they can afford to employ the best specialists in the field vs. a customer’s in-house security team. Wherever the truth lies, cloud customers, both SMBs and enterprises, should always demand transparency from a cloud vendor and receive detailed instructions on the security measures that they have established. They should also ensure that the cloud provider lists the guaranteed security controls in a SLA agreement.
Gartner has listed the following 7 as the top security risks that are a potential threat to companies moving to a cloud environment:
user access to data and information
compliance with regulations
location of the data
the encryption used at every level
recovery measures in the event of a security breach
investigative support
long-term viability of the agreement between the provider and the user.
The first question that comes to every cloud customer’s mind is—”Where dose my data reside?” This is a very legitimate question, as the location of the data center can greatly affect data security. Some cloud vendors have data centers offshore in countries with different privacy and security laws, meaning that the control over the user data may be exposed to third party, such as cloud administrators. Cloud customers should ask the solution provider about the location of their data centers and also about the security measures they execute in case of a security breach.
When considering a cloud vendor, companies have to make sure that the provider is aware of its duty to assist the customer in being compliant with governmental data security and privacy standards.
Another important thing to be sure of is that the cloud vendor uses encryption for securing data at rest and in transit. The cloud service provider should encrypt data on storage devices at all times in order to prevent data breaches. Companies have to make sure that their data is protected when transmitted over the Internet by always being encrypted and authenticated by the cloud provider.
BizCloud is dedicated to helping companies mitigate potential risks involved with cloud migration. Partnering with the leading cloud providers, BizCloud identifies the best providers or solutions for our clients. The right choice of cloud vendor depends on a thorough assessment of their offerings which is exactly what BizCloud’s cloud experts do for our clients.
Since the security of data is one of the most important considerations when choosing a cloud vendor, we decided to highlight OpSource and their “defense-in-depth” security strategy that makes them a leader in Enterprise-Class Security. Here is the short overview of security measures provided by OpSource Cloud Hosting.
OpSource Cloud Hosting provides the security and control that enterprises demand. Unlike other commodity cloud services, OpSource provides an environment to configure and lock-down your compute and storage environments. With Opsource Cloud Networks, customers are able to configure VLANs between servers, configure ACL-based firewalls, and control and track administrative usage. Data is encrypted while being transferred as well as at rest.
Rather than implementing their network security on top of their virtualized servers, OpSource Cloud Networks is a truly network-based implementation running within their Cisco switching fabric. Customers manage and configure OpSource Cloud Networks via the web-based OpSourceCloud.net user interface or Open API.
Role-based Administrative Control
VPN administration of all servers
Unique username and password for multiple administrators
Role-based permissions allow an administrator to limit to manage only certain resources, such as servers, storage or networks.
Reporting
Audit logs of all environmental changes
Compliance
OpSource maintains SAS-70 attestation in conjunction with their auditor SAS 70 Solutions. Their SAS-70 attestation is based on an in-depth series of documented controls covering the operational management of the OpSource Cloud Hosting infrastructure.
24/7 Incident Response
OpSource Security Incident Response Team to handle reports of security incidents. The OSIRT will escalate the incident to law enforcement and/or executive management as prescribed in security policies.
http://www.google.com/url?sa=X&q=http://juridicum.net/sawyerjefferson/2010/12/30/overcoming-cloud-security-issues/&ct=ga&cad=CAcQARgAIAIoATAAOABA7cvz6ARIAlAAWABiBWVuLVVT&cd=yXeLKNZ3_SE&usg=AFQjCNH1rbcbvQHc_liKV4XbO_Ekk4S-VA
Join Us: http://bit.ly/joincloud
No comments:
Post a Comment