Cloud services are a great resource for businesses but are often lacking in security. Unfortunately, this is one area in which cloud computing desperately needs more work. The current model often forces businesses to change their current practices to suit a cloud that needs to allow open-flow access and shared services. There is no basic groundwork for encryption and security standards are not universally agreed on across the board, leaving room for problem areas to arise unexpectedly. In some cases, they can lead to sensitive data being divulged.
Until a minimum security standard can be reached, Gartner urges businesses to request detailed security reports from their cloud service providers. Here are some questions to keep in mind when choosing a cloud service provider, from a report published in Information Week:
- Does the cloud service provider require the use of two-factor authentication for the administrative control of servers, routers, switches and firewalls?
- Does it support IPsec or Secure Sockets Layer with Extended Validation certificates and two-factor authentication for connecting to the service?
- Does it contract for, or provide protection against denial-of-service attacks against its Internet presence?
- Can it demonstrate established procedures for vulnerability management, intrusion prevention, incident response, and incident escalation and investigation?
- Can it show documented identity management and help desk procedures for authenticating callers and resetting access controls, as well as for establishing and deleting accounts?
The report states that if two or more of these questions are answered with a “No” by a service provider, they should be eliminated as a reliable source if you’re planning to involve customer or other business-sensitive data. The cost of having sensitive data leaked or stolen is incredibly high and can cripple a business. Until services providers can live up to a high standard of dependability, it is recommended to be cautious about who you trust with storing sensitive information.