Ensuring Security in the Cloud
Posted on 08/06/13 by Cloud Calculator Staff
Because not everyone takes security as seriously as you
You have undoubtedly read the news stories: Seemingly every day there is a new report about hacked credit cards, leaked files, and stolen emails. And while most cloud providers will scramble to make up some excuse - claiming that these stories are the exception, not the norm – all this publicity can leave you wondering, “Just how secure is the cloud?”
The cloud is only as secure as the service provider
The simple truth is that the cloud is only as secure as the provider you have chosen to protect your critical data. And the scary thing is that not all providers take the security of your information as seriously as you do. This can mean wading through a seemingly endless landscape of “cloud providers” just to find someone who can offer you the security and protection you need.
To help you with your search for a cloud solution, we have created a list of four questions to consider:
How much control do they have over the data center?
- Did you know that many cloud providers don’t own and operate their own data center? Instead, they entrust a third party to house everything – this gives them little, if any, control over how their hardware and infrastructure is secured,
- This is why cloud providers like Expedient take such pride in the level of security they offer. With a network eight state-of-the-art data centers, Expedient is able to maintain industry leading best practices to ensure that all your data remains safe and secure from unauthorized access.
How do they anticipate and prevent security threats?
- Most security threats are the result of weak firewalls, data processes and runtime resources. Couple this with the constantly evolving security threats that challenge any data center, and it becomes important for your cloud services provider to maintain robust procedures, which allow them to anticipate data security risks before they emerge and cause significant harm
- Keep in mind that virtualization is an important first line of defense. Expedient utilizes virtualization to monitor incoming and outgoing traffic. Then, if a threat is detected it can be quickly isolated before causing damage
How do they ensure the protection of your confidential data and the performance of your network traffic?
- Robust data encryption is a prerequisite you must consider before putting your critical data into the cloud. This is especially true if you compete in an industry that must comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, and Payment Card Industry (PCI) standards
- Recommended as a crucial element in protecting business-critical data, the Advanced Encryption Standard (AES) is the most widely used standard for protecting network traffic, personal data, and cloud computing infrastructures. Unfortunately, software-based AES algorithms are compute intensive, traditionally resulting in stiff performance penalties. By using Intel® Xeon® processors with built-in Intel® AES-NI instructions that dramatically accelerate encryption and decryption, Expedient is able to overcome the traditional compromises between security and performance.
How closely will they work with your auditing team?
- Most cloud providers will claim to be HIPAA, SOX or PCI-DSS compliant. Unfortunately this can be misleading, as regulatory compliance is often subject to interpretation.
- To ensure full transparency, have your auditing team tour the data center and ask questions about systems and procedures. This type of transparency is paramount to ensuring compliance, and it is something you should demand of any provider.
Want to learn more about what it takes to secure the cloud? Read our Cloud Security Uncompromised Whitepaper for expert insights on what it really means to ensure cloud security.