Cloud computing is the hot topic in the IT industry at the moment, but it is recognised that many businesses are cautious about migrating services to the cloud due to concerns over security.
Companies can feel concern when handing over control of precious data and business-critical applications to a third-party service provider. When this type of thing is handled in house, at least the responsibility lies internally and it is possible to work out who should be held to account.
Thankfully, the security concerns are not going unheeded and there are in fact three distinct areas within cloud security which need to be addressed.
Contracts and Legislation
This first aspect of cloud security is perhaps the most important from the point of view of individual businesses because it determines liability and outlines clearly which parties are responsible in different scenarios.
Essentially, this boils down to identifying who is to blame in the event of data loss or theft. It involves apportioning responsibility on a particular scale which allows for a greater degree of accuracy and a recognition that in some cases it can be a two-way street.
The contractual side of any agreement about a cloud service should also look at the means by which companies are able to retrieve information and applications when that contract comes to an end and is not going to be renewed.
From a legal point of view, record keeping by cloud providers may have to be handled in a particular way, depending on the nature of the industry or sector in which the client is operating.
For these reasons it is necessary to remove any obfuscation or lack of clarity during the process of drawing up a contract in order to make sure that both sides are content.
Compliance with cloud industry regulations is a little different from the contractual and legal obligations, but no less important to consider.
In fact, the cloud can often come under scrutiny because of the compliance required by firms operating within a certain market, whether it is financial, healthcare related or some other form of business in which regulators play a key role.
From the point of view of cloud users, things such as data recovery in the event of a disaster to ensure that business continuity is possible will be particularly important.
Providers should be able to outline roughly how long it will take them to restore back-up copies of data and app states if in-house systems become compromised or there is any kind of outage on the cloud itself.
Without this information it can be hard to build confidence in clients, particularly when they may be working on a disaster-recovery plan which relies on predetermined facts in order to be put into action.
Compliance should finally take into account the need for investigations, allowing internal or external forces to scrutinise logs and other pertinent pieces of information forensically so that trails can be established and audits completed with ease.
Privacy and Data Security
The third facet of cloud security and the one which draws most attention is data protection and promises over privacy for individual firms.
The management of access to the cloud and the data which is stored on it will be a central factor that indicates the trustworthiness of given providers.
It necessary to show that remote, web-based access to cloud services is secure and unlikely to be compromised. It is also useful for cloud providers to be able to prove that the physical integrity of their data centres is not going to be brought into question.
With each of these aspects of cloud security in place and increasingly understood by providers and clients alike, the cloud is starting to become a much safer place.
About the Author: This article was written by Daisy Group plc who have over ten years experince in hosting solutions for small medium and enterprise businesses, solutions include Managed Hosting, Colocation, Virtulisation and Cloud. As part of our Cloud solutions Daisy are able to advise businesses on Cloud security.