How to Make Public and Private Clouds Secure

With Gartner predicting $150 billion in cloud-related earnings by 2013, the march towards "the cloud" is not abating. As the market grows, "Is the cloud secure?" is a very familiar refrain frequently asked by corporate management. During those in IT will undoubtedly tell you no environment will be completely secure, there are measures you can take when moving to the cloud to mitigate security risks to reasonable levels. Transitioning to the cloud can often be more secure than a traditional in-house solution. Cloud providers have collectively invested billions in implementing standards and procedures to safeguard data. They need to compete based on not only price, however the breadth of their security, driving research to the benefit of the customer.

In a public cloud environment the end user has a solution in other words highly automated. Clients can put their applications in the cloud and control all of the individual attributes of their services. If you develop products and services in a testing or development environment, the high level of scalability offered by an on-demand computing solution makes it easy to clone server images and make ad-hoc changes to your infrastructure.

Over time, as cloud research evolves, providers are standardizing policies that dictate where data physically resides. You might see user-defined policies with restrictions on crossing certain state or country boundaries as companies become increasingly globalized.

According to Gartner innovation, 40 or more states have formal regulations in place governing how companies can protect PII. Should the contingency arise to the traditional focus on credit card, bank account, and other finance-centric information, there are as well concerns around Social Security numbers and any other type of data that warrants privacy restrictions. The implications are that a customer should choose an established cloud solution provider that places system controls on the movement of PII within their cloud network. If sensitive data ends up on servers outside of the United States, it can create serious legal issues. Beyond PII, many companies run the risk of exposing their own intellectual property or other trade secrets.

As companies utilize more and more SaaS solutions to handle business needs, standards just as SAS 70 become more and more prevalent across multiple industries. As a flexible accounting standard that can be altered to fit the custom needs of SaaS providers, SAS 70 is becoming a de-facto standard in the space. During it is in actual fact a little disingenuous for companies to dictate their own control objectives to the auditing firm, those that take the auditing in all seriousness can proactively find and fix minor issues previously they become massive problems.

Lot of questions

You need to ask potential solution providers a lot of questions, digging beneath their standard marketing literature. What about business continuity? Is there a documented process for this? If one of their data centers is destroyed, what does that mean for your business? Do they only have one location? If so, you need to explore their backup and disaster recovery procedures, as so then as the security risks of those procedures. Another important consideration is the company's actions afterwards a security breach. Do you trust them to tell you security has been compromised so you can take steps to mitigate damage?

You as well need to look beyond the cloud provider at any other SaaS type provider, whether a CRM solution or any other kind. A complete cloud solution and other business processes are often enabled by a chain of outsourcers. For clients that manage very sensitive data, they should request independent security audits of outsourcers, to illustrate any hosting companies used by the cloud provider.

From Hostway's very beginning, Lucas Roh has been the driving force in the company's dedication to reliability and easy-to-use services through an ongoing commitment to emerging innovation. Since starting the company in 1998, Roh has charted Hostway's growth to achieve an international presence, rank as one of the top-five Web hosting companies globally and remain profitable every quarter since its founding. Recognizing this success, the Chicago Business Hall of Fame named Roh Chicago's Young Business Leader of the Year in 2004. Roh received a PhD in computer science from Colorado State University in 1995 and an undergraduate degree in physics from the University of Chicago in 1988.