Gartner: Don't trust cloud provider to protect your corporate assets

By Brandon Butler, Network World |  Security

When a family with a baby buys a new car, they don't buy a car seat from the vehicle manufacturer: There is specialized equipment to handle the family's most sensitive asset. John Pescatore, a Gartner vice president and security analyst, says cloud security can be thought of in a similar way: Users shouldn't rely on their cloud service provider's security features to protect their most critical data.

Sensitive information that needs to be protected -- customer data, mission critical applications, production-grade information -- in many cases needs its own security controls to be fully protected. "As you move out to cloud-based models, there are some things you can trust your cloud provider with, but for critical business data and regulation-controlled information, very rarely is the infrastructure going to be enough," Pescatore said during a webinar sponsored by Gartner this week.

AS YOU LIKE IT: Customizable cloud SLAs on the way, researchers predict

MORE CLOUD: 5 desktops in the cloud

Security remains a top concern for companies looking to deploy a cloud strategy, but Pescatore says there are ways to alleviate the fears. One key, he says, is to have security provisions that are designed to specifically protect cloud applications, data or workloads. A prime example is credit card information. Payment Card Industry (PCI) certification requires that any customer credit card data that is stored electronically be encrypted. Some cloud service providers will offer encryption services within their cloud-based storage offering. But, there are a range of third-party applications that customers can buy to provide encryption services, distributed denial-of-service (DDoS) protection, and access control measures that are tailored specifically for cloud deployments. Many of these are delivered in a cloud format.

There are a variety of cloud security products on the market for numerous functions. Providers such as Zscaler, Websense or ScanSafe from Cisco are "gateway" products that sit between the user and the cloud provider to monitor what data is being put into the cloud and to make sure malicious data or applications don't penetrate into the user's system. If the cloud is being used to host a website, there are website protection services, such as Imperva, CloudFlare and even some from Akamai in this area, for example.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question