Friday, August 19, 2011

Selection of Cloud A Provider

There are a great many considerations when selecting a provider of cloud services. Security is certainly one of them. An important one.

One recent article in a cloud selection series points out two important elements to security that are particular important when evaluating cloud providers. One, perhaps predictably, is their encryption policies. Of course, encryption is important. But it's not enough just to see that they have encryption. It needs to be looked at closely. What kind of encryption? How is it applied? And when? The whole question is whether they data are protected in storage, in transit -  at all times.

The other major security (control) consideration is availability. If critical functional data are stored in a cloud, chances are they need to be available at a moments notice 24/7. Outages at the cloud level just are not acceptable.

There are other considerations that the article doesn't mention, like how good are the security processes, including authorizations for various actions affecting the data, as well as access by cloud personnel. Have outside auditors reported on those processes and are the reports available? An of course, are they reasonably problem free?

It's an important area, and one with increasing importance for many businesses.

No comments: