Cloud computing security from user perspective

dblacharski

Cloud computing security is approached from two directions; the cloud provider, and the end user. Regarding the provider, our strategy is "trust but verify," and ensuring that we use a cloud provider that offers a state of the art data center, 24x7 physical and virtual security, monitoring and alerts, etc. But what steps can you take as a client of a hosting provider to make sure your software-as-a-service and infrastructure-as-a-service products are safe? Or, are we just left to rely solely on the provider?

Topic: Security
Answer this Question

Answers

2 total
sspade
Vote Up (30)

One shouldn't just assume that everything is handled by the provider, even if their sales representatives try to make it sound as such. That adage "trust by verify" is pretty accurate - first you'd make a baseline assessment of what the cloud provider says, and run some tests where possible. But it's also a good idea to try to come up with your own policies or procedures that won't place private data at risk on the server. For instance, I'm often asked for my social security number by folks who have no business capturing that kind of data. You might want to look at the data your company is storing on the cloud, and make a determination that some data needs to be hashed and salted, then encrypted in such a manner so that when it's on the cloud, it doesn't pose a risk.

jimlynch
Vote Up (25)

Hi dblacharski,

I think you need to research potential providers, and also have a clear list of things to be on the lookout for as you go about your research. Here's an interesting article about how to evaluate cloud computing providers that might help you get started.

How to Evaluate Cloud Computing Providers
http://www.datacenterknowledge.com/archives/2010/06/01/how-to-evaluate-c...

Snippet:

"Enterprises looking to outsource infrastructure to cloud computing providers face a bewildering number of choices today. New cloud providers are popping up every month and many traditional service providers are rebranding services as cloud hosting. So how does your enterprise evaluate and select the right cloud platform?

First off, as most Data Center Knowledge readers may know, Infrastructure-as-a-Service (IaaS) cloud platforms are a viable alternative to traditional server and storage infrastructure. And while this article will focus on IaaS, many of my points are relevant for Platform-as-a-Service (Paas) and Software-as-a-Service (SaaS) clouds, too."

Ask a question

Join Now or Sign In to ask a question.
A security precaution skipped in mobile applications such as Facebook's Messenger could be abused to make an expensive phone call at a victim's expense, a developer contends.
The U.S. National Institute of Standards and Technology (NIST) is developing a guide for testing third-party apps to ensure that they are secure and don't introduce any vulnerabilities.
With a Microsoft-mandated deadline a little more than two months away, computer makers are still selling PCs equipped with Windows 7 Home Premium.
Many businesses focus on record retention, but here's why one lawyer says "Destroy!"
With a single massive power burst, storage media that suddenly heads south, or interaction with a light-fingered ne'er-do-well, the technology your student depends on can vanish. Take these five tips to heart, however, and the loss of a device or data need not be catastrophic.
U.S government agencies will work to release cyberthreat information faster to the health-care industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.
A type of body scanner in wide use across U.S. airports through last year fails to spot well-concealed weapons including guns and knives, computer security researchers contend.
A modified version of Android uses a system of modularized plugins to help make sure the latest security tools make it into the hands of end users as quickly as possible.
The UPS Store said Wednesday that malicious software was found on the systems of 51 of its franchises in 24 U.S. states, although no fraud has been detected yet.
Start-up SentinelOne is offering security software for behavior-based malware detection intended to augment, not replace, the type of full anti-virus endpoint protection suites that typically also have signature-based defense, a firewall and other features.
randomness