2. Evaluate and Add Security, If Necessary.
CSPs provide significantly different levels of public cloud security. Pay attention to this while evaluating CSPs. The ISO/IEC 27000 series of standards provides guidelines for systematically examining information security risks, taking into account the threats, vulnerabilities and impacts, for designing and implementing a comprehensive suite of information security controls, and for adopting management processes to ensure that guidelines are followed.
Organizations considering moving sensitive applications and data to the public cloud may need to evaluate and compare different CSPs based on these standards. If necessary, security measures that are used in an organization's internal private cloud may need to be extended to its public cloud instances. As noted, products such as CloudSpan let an organization enforce the same standard of information and application security policies on private and public instances alike.
3. Identify and Use the Right Third-Party Auditing Services.
When it comes to security compliance, organizations need not simply take the CSP's word for it. Third-party auditing services can audit the actual, and consistent, application of security standards, processes and procedures at a CSP and compare them to the ones promised to the client.
SAS 70 Type II standards specify that these kinds of audits last for a minimum period of six months but could last longer. Moving a few applications to the public cloud and performing the audit over an extended period of time can give an organization the comfort level needed to move more sensitive applications and data to the cloud confidently.
4. Add Authentication Layers.
Most CSPs provide good authentication services for public cloud instances, but a product such as Halo NetSec from SaaS security vendor CloudPassage can help add another layer of authentication. Here's where you need to weigh the benefits of better public cloud security against the costs of increased network latency, possible performance degradation and additional points of failure.
5. Consider How Additional Security Will Affect Integration.