informa
/
Risk
Feature

Security Questions To Ask Your Cloud Provider

NeoSpire's director of security, Sean Bruton, discusses the realities of cloud security and the key questions to ask when assessing a hosted or cloud service provider's claims.



Analytics Slideshow Calculating Cloud ROI
(click for larger image and for full photo gallery)
InformationWeek SMB: Are cloud providers providing adequate security? Can they assure it?

Bruton: Many companies can implement the same security controls that a third-party provider can. But a lot of cloud providers today are busy pushing out applications and capacity and features, and that may be at the expense of security.

Also, not all clouds are equal -- there's public, private, and hybrid, and there are technical differences. Using the public cloud, you're using shared resources, you don't have your own firewalls, or network VLANs [virtual local area networks], so the exposure changes.

Behind your firewall, you have a better chokepoint, which can decrease the exposure to attacks. A private cloud environment can give you your own firewall, your own VPL [virtual private line] or MPLS [multiprotocol label switching] circuit, and mitigate risks.

InformationWeek SMB: So you have to understand what any hosting or cloud vendor means when they say "security."

Bruton:: You can't just look at what they tell you, because if something does go wrong, the injured party or the regulators aren't going to go after them, they'll go after you.

For Further Reading

Strategic Security Survey: Global Threat, Local Pain

McAfee Says Security Industry Failing On Cybercrime

IT Security Unleashes Employee Complaints

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5