The cloud security checklist

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

Think your data will be safe in the cloud? Here are six tough questions for your cloud service provider.

Whether you're a small business relying on Google Docs for document sharing or an enterprise moving your global ERP system to the cloud, you should demand that some common security and compliance requirements are met by vendors providing applications and services over the Web. These requirements involve who can access your applications and data, as well as the systems hosting them; where the data is stored; and whether the data is hosted on dedicated, rather than on shared, hardware. They also ensure that you get detailed logs of who has accessed your data and applications so that you meet corporate and regulatory standards, and they verify that data is properly encrypted -- a factor that's more critical outside the corporate firewall.

What you demand of the cloud depends on your corporate standards and your compliance needs, the amount and type of workloads you're moving to it, and how you are dividing administrative and security responsibility between your staff and your provider. Security requirements also vary depending on whether you're using software as a service (SaaS), infrastructure as a service (IaaS) or platform as a service (PaaS) offerings. But you should at least consider each of the following questions in your cloud security plans.

1. Who has authentication/access control?

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
Join the discussion
Be the first to comment on this article. Our Commenting Policies