Cloud computing security from user perspective

ITworld Answers

Ask a Question

Cloud computing security from user perspective

dblacharski 1 year ago

Cloud computing security is approached from two directions; the cloud provider, and the end user. Regarding the provider, our strategy is "trust but verify," and ensuring that we use a cloud provider that offers a state of the art data center, 24x7 physical and virtual security, monitoring and alerts, etc. But what steps can you take as a client of a hosting provider to make sure your software-as-a-service and infrastructure-as-a-service products are safe? Or, are we just left to rely solely on the provider?

Topic: Security

Answer this Question

Login or register to post answers
Permalink

Answers

2 total

jimlynch 1 year ago

Hi dblacharski,

I think you need to research potential providers, and also have a clear list of things to be on the lookout for as you go about your research. Here's an interesting article about how to evaluate cloud computing providers that might help you get started.

How to Evaluate Cloud Computing Providers
http://www.datacenterknowledge.com/archives/2010/06/01/how-to-evaluate-c...

Snippet:

"Enterprises looking to outsource infrastructure to cloud computing providers face a bewildering number of choices today. New cloud providers are popping up every month and many traditional service providers are rebranding services as cloud hosting. So how does your enterprise evaluate and select the right cloud platform?

First off, as most Data Center Knowledge readers may know, Infrastructure-as-a-Service (IaaS) cloud platforms are a viable alternative to traditional server and storage infrastructure. And while this article will focus on IaaS, many of my points are relevant for Platform-as-a-Service (Paas) and Software-as-a-Service (SaaS) clouds, too."

Share this answer
Permalink

sspade 1 year ago

One shouldn't just assume that everything is handled by the provider, even if their sales representatives try to make it sound as such. That adage "trust by verify" is pretty accurate - first you'd make a baseline assessment of what the cloud provider says, and run some tests where possible. But it's also a good idea to try to come up with your own policies or procedures that won't place private data at risk on the server. For instance, I'm often asked for my social security number by folks who have no business capturing that kind of data. You might want to look at the data your company is storing on the cloud, and make a determination that some data needs to be hashed and salted, then encrypted in such a manner so that when it's on the cloud, it doesn't pose a risk.

Share this answer
Permalink

Answer this Question

Ask a question

Testing cell networks across America: Phone crime is real

Our wireless testing guru ran into the dangerous world of smartphone crime several times while testing in America's largest cities.

Texas drone bill sparks a battle

The battle to find a balance between privacy concerns and the beneficial use of drones for commercial and law enforcement purposes is in sharp focus in a bill that's winding its way through the Texas legislature.

Alleged tech support scammers settle FTC charges

Operators of two alleged tech support scams that charged consumers hundreds of dollars to supposedly fix their computers have settled charges from the U.S. Federal Trade Commission.

Police arrest Anonymous suspects in Italy

Italian police arrested four suspected hackers Friday, accusing them of having taken control of the Italian branch of the Anonymous network.

Researchers uncover new global cyberespionage operation dubbed SafeNet

Security researchers from Trend Micro have uncovered an active cyberespionage operation that so far has compromised computers belonging to government ministries, technology companies, media outlets, academic research institutions and nongovernmental organizations from over 100 countries.

New Mac spyware found on Angolan activist's computer

Previously unknown Mac OS X spyware, signed with a valid Apple Developer ID, has turned up on the laptop of an activist from Angola at a human rights conference in Norway.

In a sea of malware, viruses make a small comeback

The computer virus seems to be making a subtle comeback.

At Google I/O, Glass wearers say 'trust us'

Google is facing some tough questions from Congress over the privacy concerns raised by Glass, its fledgling augmented reality system for recording and receiving information on the fly. But on the ground at the company's I/O conference for developers, attendees are largely enthusiastic about the technology.

Four former LulzSec members sentenced to prison in the UK

Four British men associated with the LulzSec hacker collective received prison sentences Thursday for their roles in cyberattacks launched by the group against corporate and government websites in 2011.

SunGard brings cloud service to disaster recovery

Can the old guard in business continuity and disaster-recovery services thrive in an era when the companies are looking at new ways to process business data? SunGard Data Systems, with decades of experience in availability services, is feeling the pinch as some business clientele move data to the cloud. But SunGard says it's pushing forward with innovations that are making it a public cloud provider as well with the kind of application availability it says will be hard to match elsewhere.