What is Cloud Security?
There are two aspects to Cloud Security. Firstly, cloud-based security software such as email virus scanning, anti-spam services, internet web threat protection and user monitoring services. These solutions are often cloud based – or a hybrid of on-remise and cloud-based software.
Secondly, there is a great deal of debate about the security of moving services to the cloud. This debate tends to concentrate on risk, data management and new models of federated security tools.
I’m interested in cloud-based security solutions. What do I need to know?
The first stop is Compare the Cloud’s cloud comparison tool – here we list many of the cloud-based security solutions available in the market.
I’m interested in the debate about whether moving my IT environments to a cloud-based Infrastructure as a Service (IaaS) model or Platform as a Service (PaaS) model is secure. What do I need to know?
Some people have expressed concern that moving to a cloud-based Infrastructure model is necessarily less secure than owning, hosting and maintaining IT infrastructure in-house. However, this isn’t necessarily the case; the security of each model will depend on how each environment is managed.
Some commentators have argued that fears about cloud security are more about a feeling of loss of control rather than based on solid security grounds: “Security has become a full-time job and requires a tremendous amount of expertise to do it right on-premises. For all the fear of the cloud, the fact is companies are routinely hacked, and many never even know it. In reality, your on-premises systems are not more secure than the cloud.”
Nevertheless, there are security risks inherent in any environment and the cloud is no exception. These need to be considered carefully and clear lines of responsibility drawn between cloud service provider (CSP) and customer.
What security measures does my CSP need to have in place?
Of course, security and data compliance requirements will vary depending on the industry you operate in and business policies. It is important to speak with your CSP to work out a model which matches your requirements.
The Cloud Security Alliance identifies fourteen areas that require consideration:
- Cloud Architecture
- Governance and Enterprise Risk Management
- Legal
- Contracts and Electronic Discovery
- Compliance and Audit
- Information Management and Data Security
- Portability and Interoperability
- Traditional Security
- Business Continuity and Disaster Recovery
- Data Centre Operations
- Incident Response
- Notification and Remediation
- Application Security
- Encryption and Key Management
- Identity and Access Management
- Virtualisation
- Security as a Service