Cloud computing security from user perspective

dblacharski
dblacharski30 weeks ago

Cloud computing security is approached from two directions; the cloud provider, and the end user. Regarding the provider, our strategy is "trust but verify," and ensuring that we use a cloud provider that offers a state of the art data center, 24x7 physical and virtual security, monitoring and alerts, etc. But what steps can you take as a client of a hosting provider to make sure your software-as-a-service and infrastructure-as-a-service products are safe? Or, are we just left to rely solely on the provider?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
jimlynch 30 weeks ago
Vote Up (7)

Hi dblacharski,

I think you need to research potential providers, and also have a clear list of things to be on the lookout for as you go about your research. Here's an interesting article about how to evaluate cloud computing providers that might help you get started.

How to Evaluate Cloud Computing Providers
http://www.datacenterknowledge.com/archives/2010/06/01/how-to-evaluate-c...

Snippet:

"Enterprises looking to outsource infrastructure to cloud computing providers face a bewildering number of choices today. New cloud providers are popping up every month and many traditional service providers are rebranding services as cloud hosting. So how does your enterprise evaluate and select the right cloud platform?

First off, as most Data Center Knowledge readers may know, Infrastructure-as-a-Service (IaaS) cloud platforms are a viable alternative to traditional server and storage infrastructure. And while this article will focus on IaaS, many of my points are relevant for Platform-as-a-Service (Paas) and Software-as-a-Service (SaaS) clouds, too."

sspade
sspade 49 weeks ago
Vote Up (11)

One shouldn't just assume that everything is handled by the provider, even if their sales representatives try to make it sound as such. That adage "trust by verify" is pretty accurate - first you'd make a baseline assessment of what the cloud provider says, and run some tests where possible. But it's also a good idea to try to come up with your own policies or procedures that won't place private data at risk on the server. For instance, I'm often asked for my social security number by folks who have no business capturing that kind of data. You might want to look at the data your company is storing on the cloud, and make a determination that some data needs to be hashed and salted, then encrypted in such a manner so that when it's on the cloud, it doesn't pose a risk.

Answer this Question

Related Questions

Lemarchand
Lemarchand
31 weeks ago
Are you ready to deploy a Next Generation Firewall?

Is Palo Alto the only true NGFW? SonicWall? Juniper SRX? Do you think that Gartner's definition of a NGFW is correct? Does anyone know...

Tags:
Answer It
tover
tover
30 weeks ago
I'm considering a slight career change to IT security - what do I need to consider?

I've been in IT for awhile, and am considering a shift to focus more on security and related technologies, policies, etc. What kinds of...

Tags: infosec
Answer It
dblacharski
dblacharski
30 weeks ago
Smartphone security apps

Are there reputable security applications out there for BlackBerry, Android, and iPhone that will protect my business emails, chats, and...

Tags: email security, smartphone security
Answer It
dblacharski
dblacharski
30 weeks ago
Recovering data from crashed hard drive

Yes, it's true that everyone should know better, and should be backing up data to an off-site facility on a regular basis. But, in...

Tags:
Answer It
max
max
20 weeks ago
What's the best antivirus software?

Anyone have a favorite antivirus software solution they'd recommend? I work for a small-medium-sized business (about 500 employees) so...

Tags:
Answer It

Ask a question

Join Now or Sign In to ask a question.
Mayor of New Jersey town arrested on hacking and conspiracy charges
The mayor of West New York, New Jersey, was arrested together with his son on Thursday, for allegedly hacking into a website that criticized him and his administration.
Unthethered jailbreak for iOS 5.1.1 available for download
Absinthe 2.0, the jailbreak for iOS 5.1.1, is ready and available for download, the Jailbreak Dream Team announced at the Hack in the Box conference in Amsterdam on Friday.
Judge orders drug evidence suppressed in warrantless GPS tracking case
A federal judge in Kentucky this week upheld a lower court's decision to throw out crucial evidence in a drug case because the evidence was gathered with the help of a GPS tracking device installed without a warrant.
Lawmakers call on DOJ to reopen investigation into Google Wi-Fi spying
Two U.S. lawmakers have called on the U.S. Department of Justice to reopen its investigation into Google's snooping on Wi-Fi networks in 2010 after recent questions about the company's level of cooperation with federal inquiries.
Researchers propose TLS extension to detect rogue SSL certificates
A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently-issued SSL certificates.
Windows 8 to run Adobe Flash only on some websites
The touch-centric Metro version of Internet Explorer 10 in Windows 8 is plug-in free, but the browser may still be able to run Adobe Flash video, according to an online report. Microsoft is reportedly taking the Google Chrome approach with IE10 and building Flash capability directly into the touch-friendly browser. But Flash won't be available for every site on the Web in Metro IE10. Instead, Microsoft will only extend the capability to select popular sites, according to Windows bloggers Paul Thurrott and Rafael Rivera.
European privacy regulators want more detail on Google's policy changes
vour rhz
Yahoo leaks private key, allows anyone to build Yahoo-signed Chrome extensions
Yahoo was forced to release a new version of its Axis extension for Google Chrome after the original one contained a private key that allowed anyone to digitally sign extensions in Yahoo's name.
Security researcher urges IT managers to keep up with SAP patches
More than 95 percent of over 600 SAP systems tested by security firm Onapsis were vulnerable to espionage, sabotage and fraud, mainly because patches had not been applied, according to a researcher.
Bug bounty hunters reveal eight vulnerabilities in Google services
Security researchers unveiled eight vulnerabilities in Google services during the Hack in the Box conference in Amsterdam on Thursday -- but they claim to have discovered more than 100 such bugs over the past few months.

White Papers & Webcasts

White Paper

IDC Vendor Spotlight

Your company needs backup and recovery that supports a tiered-recovery model. This IDC Vendor Spotlight examines the modern forces driving the advancements in today's data protection technologies, and a complete backup and recovery solution that works across physical, virtual and cloud environments.

White Paper

vRanger Helps Cut Replication Time by Almost 70%

There's a reason why more than 38,000 customers trust vRanger to protect their critical virtual data! In this Quest Software case study, see how vRanger helped Cornerstone Bancshares, Inc. cut replication time from days to minutes - and how this translated to real time and money savings.

White Paper

ESG: Product Brief: Quest vRanger 5.3 brings enterprise-class VMware protection to SMB's

Free paper: how virtualization impacts SMBs, and strategies for enterprise-class VMware protection

White Paper

Forrester Report: The ROI of Cloud Apps

Cloud apps continue to gain momentum in the enterprise as buyers are attracted to fast deployment speeds, low upfront costs, and ongoing flexibility to scale up or down as needs change. This report analyzes the five-year ROI for cloud apps across CRM, ERP, collaboration, and IT service management.

White Paper

The Cloud: Reinventing Enterprise Collaboration

Collaboration and content sharing are not, of course, new concepts. But cloud computing has changed the nature of collaboration, content sharing, document storage and project management to enable more efficient, faster-acting and cost-effective enterprises. According to a new study by IDG Research, the vast majority of knowledge workers (86%) placed a very high level of importance on collaborating with internal coworkers and external stakeholders, and having access to the most up-to-date corporate information. Read how organizations are realizing massive productivity gains by transitioning their content management solutions to cloud-based models.

See more White Papers | Webcasts

Most Active Members

jimlynch

jimlynch

0 questions | 854 answers

TRUSTED VOICE
lsmall

lsmall

14 questions | 86 answers

lbloom

lbloom

24 questions | 70 answers

dblacharski

dblacharski

22 questions | 69 answers

becker

becker

37 questions | 53 answers