Dont Trust Cloud Security

  /     /     /  
Publicated : 22/11/2024   Category : security

Dont Trust Cloud Security


Companies using cloud services need to verify, not trust, that a providers controls will actually protect their data.




Download the entire August 20, 2012, issue of
InformationWeek
, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree for each of the first 5,000 downloads.
A common question about the cloud is whether its more secure than a data center. But thats the wrong question to ask. Instead, customers and potential customers of public cloud services--whether infrastructure-as-a-service, platform-as-a-service, software-as-a-service, or some other as-a-service--need to ask whether a cloud providers controls are sufficient to limit the risk a customer is willing to take with its data.
Most cloud providers say, Trust us, were secure. But you shouldnt take them at their word. A variety of options are available to assess a cloud providers controls: basic questionnaires, standardized reports, technical audits, vulnerability scans, and full-blown penetration attempts that put a providers security to the test.
You must assess the pros and cons of each approach and find the provider that takes the same (or better) care with your data as you would. Its not easy, but its a lot better than cleaning up the mess left by a breach.
Get The Security You Need
Security is a top concern with the public cloud. Consider that 27% of respondents to the
InformationWeek
2012 Cloud Security and Risk Survey
say they have no plans to use public cloud services. And 48% of those respondents say their primary reason for not doing so is related to security, including fears of leaks of customer and proprietary data.
What about those who have adopted, plan to adopt, or are considering cloud services? Theyre worried, too. Security concerns easily trump other significant issues, including cloud performance, vendor lock-in, and the ability to recover data if a customer ends the service or a provider goes out of business, according to our survey. However, while security concerns are paramount, companies also see significant benefits to cloud adoption. When we asked why companies adopt or would adopt cloud computing, the top response was lower capital costs. A close second was the reduced burden on IT. Despite security concerns, companies are moving to the cloud for business reasons.
In an ideal world, companies would carefully inspect any public cloud provider they intend to use. But that doesnt seem to be the case among all our survey respondents. We asked respondents using or planning to use a provider to compare the providers security controls with their own; 20% say the provider has superior controls, and another 20% say the providers controls are on par with their own. However, 31% say they have no idea, because they havent examined the controls in depth. In other words, theyre going on blind faith.
But it doesnt have to be this way. At the very least, companies considering a cloud service should take advantage of the documentation that most providers make available to customers and potential customers. The most common is the Statement on Standards for Attestation Engagements 16, a set of auditing standards that replaced the well-known SAS 70. In an SSAE 16 report, a provider describes its security and technology controls, a third-party auditor reviews them, and the providers management attests that the controls are in place.
To read the rest of the article,
Download the Aug. 20, 2012, issue of
InformationWeek
Cloud Security

Verify, Dont Trust
Our full report on
cloud security
is free with registration.
This report includes
31
pages of action-oriented analysis, packed with
25
charts. What youll find: Pros and cons of assessment tools How to make the most of SSAE 16 and other reports
Get This
And
All Our Reports

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Dont Trust Cloud Security