Secure Cloud Computing| by FutUndBeidl| CC-BY-2.0
You step through the front door. Turn around, lock it, and trot down your front steps. Then, a few steps down the sidewalk you get worried that you didn’t lock the door. Probably because you’ve gotten so used to that routine that you don’t even remember doing it. Finally your worry wins out and you run back, jiggle the handle and satisfy yourself that you locked the door.
Unfortunately this same urge doesn’t usually appear when it comes to our data security. In an article by Nathan Eddy in EWeek, he reviews some cloud security concerns. Using those, along with some of my own, you should have the checks you need in order to jiggle the proverbial handle on your cloud based enterprise solutions.
Third Party Certification– “…allow for an annual security audit and certification by a third party, with an option to terminate the agreement in the event of a security breach if the provider fails on any material measure.” This type of check should be built into the contract you set up with your cloud solution provider. For example, here at Mediafly, our ProReview solution is audited by the MPAA and our SalesKit solution has earned Skyhigh Networks CloudTrust certification. These types of checks will become more commonplace as cloud use becomes more uniformly adopted.
Monthly/Quarterly Security Checks– The service provider would complete a monthly and/or quarterly security checks for themselves. By doing this, it gives you the comfort and the knowledge that they’re keeping up on any vulnerabilities that might arise throughout the year.
Transparency– After the yearly third-party security audits, as well as the monthly checks, you should be notified of the results. Along with that, when vetting a cloud service, they should give you the security records of their system up until now. This will give you a sense of how they’ve responded to security risks in the past and how they move forward.
Get It In Writing– This last, and arguably most important piece, is fairly self-explanatory. Much of the language in these contracts is used to describe the services being provided, costs/payment, but the security portion isn’t always as solid as it needs to be. Fix that. This way they’re being upheld to the standards that need to be in place in order to keep your company safe.
Hopefully these tips will help you when reviewing your current cloud service provider or if you’re in the market for one.
Comments are closed.