Why physical security matters, even in the cloud

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

At the Business of Cloud Computing Conference, I caught a presentation by Marlin Pohlman, who noted that No. 3 on the Cloud Security Alliance's "Top Threats to Cloud Computing" list is malicious insiders. This serves as a good reminder that old-fashioned physical security issues require a lot of attention when you're considering a cloud service provider.

Just as a bank is a central repository for money and thus an attractive target for a robber, so is the data center of a cloud provider a central repository for valuable data resources and thus an attractive target for malicious hackers. So it's important to vet the physical security of a cloud provider's data centers. Here are some of the key issues to investigate:

Security policy. A policy typically details the mechanisms that the vendor has in place to prevent security breaches. An incident response plan typically details steps the provider will take should a breach occur. If the vendor has such documents, carefully review them. If it doesn't, that's a big red warning flag.

Access Controls. Does the cloud provider have physical access controls in place to ensure that only authorized personnel are able to access the IT infrastructure on which your data is stored and processed? Ask the following questions:

• Are the data centers in nondescript facilities?

• Do those facilities have security guards, gates and checkpoints?

To continue reading this article register now

5 power user tips for Microsoft OneNote
  
Shop Tech Products at Amazon