Building a fortress in the cloud for your critical data

By Jose Albino, director of operations and compliance, Hughes Cloud Services, Network World |  Security, cloud security

If encryption is applied, you need to ask what functionality is used. Determine if it is inherent capability or third-party software. Ask if they are using a specific PKI strategy and whether they are using data loss prevention (DLP) tools. All of the answers to these questions define how your data is protected and the "security maturity level" of your potential cloud provider.

Another element of this question is organization-specific. Based on what industry you are in, there will be some minimum requirements in place that will tell you whether or not you can store your information in a cloud provider's facility. Government organizations, for example, require that data is protected by token-based encryption. If your potential partner cannot come up with that answer, then you will not be moving into that facility.

2. What compliance regulations do you subscribe to?

Given your organization, there may be specific compliance regulations for housing and managing your data. By choosing a cloud provider that already adheres to PCI security standards for credit card transactions or to HIPPA for storing medical records, for example, you are able to ensure that, without question, auditors will find this data to be properly secured.

To be certain you are meeting these regulations, you should be able to request to test these security standards. Any trustworthy cloud provider will gladly allow you set up a vulnerability test on the facility to prove they meet your compliance needs.

You must also, however, be sure to ask whether all of a provider's data centers are meeting these compliance standards. Just because one of the vendor's data centers meets these regulations, doesn't mean that is the case across the board, and you must be certain your data always remains in compliant facilities.

3. How are you storing my data?

Many do not view this as a security question, but understanding the architecture of a virtual or dedicated physical environment and knowing how a provider is going to "build the fortress" is key to knowing that your data is truly secure and ensuring that there is a trusted level of accountability.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness