Friday, September 30, 2011 5:35:19 PM
As more organizations, federal agencies and individuals adopt cloud computing services, security practices and software are more important than ever. Though cloud security is capable of being just as secure as traditional in-house IT infrastructures, and some experts believe the cloud could provide even better security for data, the methods used to keep information protected are different for external locations.
The Australian recently published an article explaining the challenges IT departments are facing when managing data security with third-party vendors. As with the cloud, data is almost always stored in either one or multiple external locations, and managed by the cloud service provider, internal IT departments need to find ways of keeping security and compliance up to speed both in-house and at these locations.
The website notes the difference between Security-as-a-Service and Infrastructure-as-a-Service, in that SaaS is often coupled with security programs provided by the cloud vendor, while IaaS requires users be more proactive with security practices. Additionally, hybrid clouds pose additional difficulties, in that data is constantly moving between internal and external servers.
"Security and privacy are definitely fundamental concerns for IT decision makers," Arun Chandrasekaran of Frost & Sullivan told the news provider. "And I believe that those concerns are justified."
According to the website, international auditory and certification initiatives, such as the SAS 70 and ISO 27001, serve as an excellent template to standardize cloud security practices, and providers should ensure they follow these guidelines as closely as possible.
"It should be realized that proper security has to involve a concerted effort from both sides," Chandrasekaran later added to the news source. "Service providers need to improve their security and embrace industry best practices. But at the same time enterprises must understand what should be moved to the cloud and what should not be moved."
The Cloud Security Alliance announced this summer it would release a Security, Trust and Assurance Registry in the coming months as another method of standardizing the cloud industry. According to CSA's website, STAR will be publicly accessible, and will contain information pertaining to each provider's practices, operations and security specifications.
"I believe things will get better, but you have to go back to basics," John Reeman of a leading IT security firm told the news provider. "You need to look at [cloud service] organizations and determine whether they are suitable for your needs."
-McAfee Cloud Security