Would-be and existing customers must understand that security isn't set-and-forget just because it resides in the cloud.

8 Slides

By now, the pitch for cloud-based services is familiar to anyone in IT: They're cheaper, more efficient, and will free up in-house infosec professionals for more value-added tasks (yes, everyone's really going to miss reviewing log management data). 

The promises of highly automated functionality and trouble-free operations may be slightly overstated, at least where cloud-based security is concerned. But most infosec professionals are already masters of due diligence, and cloud is like any other external service provider: seasoned security pros know to ask a lot of questions, perform their own testing and audits, and get customer references for the real skinny on how cloud-based security goes.

Smart, reputable cloud service providers will encourage/require customers to undertake many of these steps we outline here, and then some. But it should be noted any time a provider balks at being transparent or at providing greater levels of access and discovery. The partnership nature of cloud is inherent when it's essentially an outsourced service; for something as strategic as security, customers are going to want lots of disclosure and trust upfront.

Whether you're entertaining cloud security or are already a customer, here are some basic ways that these third-party services change the ways infosec professionals have traditionally conducted themselves. The list is by no means exhaustive. And if we've missed something egregious, leave us a note in the comments section below! Let's make this a multi-party dialog.

About the Author(s)

Terry Sweeney, Contributing Editor

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report.

In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights