Tips for Better Cloud Security
1. Know your own infrastructure and that of your cloud provider. The less you know about the vendor's setup, the more vulnerable you are.
2. Ask your security and legal teams to review contracts with cloud providers. Verify that security assurances are legally binding.
3. Study your provider's service-level agreements so you understand all contractual obligations -- yours and the vendor's. Make sure that you can monitor your apps, and that the vendor will notify you in the event of a security breach.
4. When negotiating a contract, ask tough questions about the vendor's hiring policies and employee monitoring practices, because malicious insiders represent security risks.
5. Research security controls and make sure cloud providers have those controls in place. Also understand how vendors will handle breaches.
6. Understand that your company is ultimately responsible for the confidentiality and integrity of its systems. Identify vulnerabilities by conducting regular penetration tests of your cloud-based systems -- with the provider's help, if possible.
7. Implement your own security tools, such as complex passwords, data encryption and data access management software that integrates with the cloud infrastructure.
— Bob Violino (firstname.lastname@example.org)