Cloud security: Four customers' approaches

IT shops are taking matters into their own hands

Depending on whom you talk to, cloud security is either the industry's biggest oxymoron and won't be resolved anytime soon or it's no big deal because cloud vendors typically have tighter security than do any of their customers.

Wherever you fall on that continuum, the notion of security comes up as a key concern in many surveys on the topic, so it's clearly top-of-mind at most IT shops. There are a few security standards initiatives that might eventually help clear up matters (see sidebar below), but those are a long way from being ready to implement.

One thing is clear, experts say: Don't assume anything before doing your own due diligence. "It would be nice to think the vendors are doing a great job [of protecting the data] and they are building a highly robust application framework that provides a high level of security," says Jay Heiser, an analyst at Gartner who studies risk in the enterprise and regulatory compliance.

"The biggest frustration is determining whether they did that -- if a provider cannot give you definitive evidence [through testing and data verifications] that their product is [as] secure as they say it is, you have no ability to make a business decision to use it," Heiser adds.

Fred Cate, director of the Center on Applied Cybersecurity Research at the Indiana University Maurer School of Law, says the single biggest issue facing companies when it comes to cloud security is deciding who is really accountable from a legal perspective.

To continue reading this article register now

  
Shop Tech Products at Amazon