Welcome!

Related Topics: @CloudExpo, Microservices Expo, Cloud Security, @BigDataExpo, SDN Journal, @DevOpsSummit

@CloudExpo: Article

Cloud Security Checklist: Make Sure Your Data Is Safe

Cloud resources are becoming a must-have service for businesses since they offer scalability

Recent reports of a massive data breach affecting popular sites like Facebook, Twitter, Google and Yahoo have many companies rethinking security practices and wondering how to protect vital data. If your company uses cloud services to conduct business and manage data or is contemplating a hosting partnership, it's natural to wonder if your service provider is taking all the steps necessary to keep your confidential information secure.

It's an important issue: Cloud resources are becoming a must-have service for businesses since they offer scalability without requiring a massive investment in hardware. But before choosing a cloud service provider, it's crucial to make sure the company can deliver the security your business needs. Here are some questions to keep in mind when making an evaluation:

What kind of physical security does my cloud hosting partner maintain?
Assess your cloud service provider's physical security safeguards, including controls on facility entry, login access restrictions, CCTV monitoring capabilities, limits on who can access internal systems and administrative functions.

What assurances does the provider offer around confidentiality?
A reputable hosting partner will conduct background checks on employees who handle confidential data and require staff to sign confidentiality agreements. They will also restrict credentials so that only employees who need access can handle your data.

How are firewalls structured, and what other network security measures are in place?
Virtually all hosting providers have a firewall infrastructure in place, but it's a good idea to ask about how it's configured and whether there's an additional charge for the service. Also ask how frequently audits are conducted and what additional network security is in place.

How does the cloud service provider keep software secure?
Many security breaches occur due to software issues, so ask your hosting partner about auditing and find out how often they update security patches. Inquire about automatic update installation and reboots as well to see if these are permitted.

Does the cloud hosting company submit to audits from independent agencies?
One way companies can demonstrate compliance is by submitting to independent audits. SSAE 16 standards verify that an independent auditor assessed the company to make sure their service description matches their organization system.

What backup and redundancy capabilities are available?
Another good question for cloud service providers is what volume of backup space they maintain and how long they keep stored data. Also ask about the cloud infrastructure - specifically inquire about performance levels and system availability as well as failover capabilities and use of redundant clusters.

What kind of protection is available for data during transmission?
It's crucial to make sure confidential information like passwords and client information remain secure during transmission. Ask the company about how firewalls protect this information and if data is protected by VPN encryption. Also inquire about remote access and the use of SSL for logins.

Is it possible to connect physical and virtual resources?
To maintain tight security, potential hosting partners may require safeguards for physical servers that interact with cloud assets. Ask if this can be configured so that you can use both solutions in a single environment for greater efficiency.

What kind of Service Level Agreements (SLAs) are offered?
It's important to pay close attention to the SLAs a cloud service provider offers since this is how providers define their services and describe the performance levels you can expect. Make sure your hosting partner backs promises up with SLAs.

Companies are increasingly using hosted cloud services because it enables them to do more with less and expand capabilities without huge investments in infrastructure. But hacking is on the rise, so it's crucial to make sure a prospective cloud provider offers robust security.

If you're currently using cloud services or thinking about partnering with a hosting provider, take the time to investigate the security measures the company uses to keep client data safe. It takes a bit of time and effort, but it's well worth it to avoid a costly data breach.

More Stories By Jim Potter

Jim Potter is Vice President of Product Management at Hostway. He leads the product management and product marketing activities for the cloud hosting service provider.

Comments (2)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Latest Stories
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
Developing software for the Internet of Things (IoT) comes with its own set of challenges. Security, privacy, and unified standards are a few key issues. In addition, each IoT product is comprised of (at least) three separate application components: the software embedded in the device, the back-end service, and the mobile application for the end user’s controls. Each component is developed by a different team, using different technologies and practices, and deployed to a different stack/target –...
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.
All clouds are not equal. To succeed in a DevOps context, organizations should plan to develop/deploy apps across a choice of on-premise and public clouds simultaneously depending on the business needs. This is where the concept of the Lean Cloud comes in - resting on the idea that you often need to relocate your app modules over their life cycles for both innovation and operational efficiency in the cloud. In his session at @DevOpsSummit at19th Cloud Expo, Valentin (Val) Bercovici, CTO of So...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
SYS-CON Events announced today that eCube Systems, a leading provider of middleware modernization, integration, and management solutions, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. eCube Systems offers a family of middleware evolution products and services that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abil...
Digital innovation is the next big wave of business transformation based on digital technologies of which IoT and Big Data are key components, For example: Business boundary innovation is a challenge to excavate third-party business value using IoT and BigData, like Nest Business structure innovation may propose re-building business structure from scratch, as Uber does in the taxicab industry The social model innovation is also a big challenge to the new social architecture with the design fr...
Whether they’re located in a public, private, or hybrid cloud environment, cloud technologies are constantly evolving. While the innovation is exciting, the end mission of delivering business value and rapidly producing incremental product features is paramount. In his session at @DevOpsSummit at 19th Cloud Expo, Kiran Chitturi, CTO Architect at Sungard AS, will discuss DevOps culture, its evolution of frameworks and technologies, and how it is achieving maturity. He will also cover various st...
So, you bought into the current machine learning craze and went on to collect millions/billions of records from this promising new data source. Now, what do you do with them? Too often, the abundance of data quickly turns into an abundance of problems. How do you extract that "magic essence" from your data without falling into the common pitfalls? In her session at @ThingsExpo, Natalia Ponomareva, Software Engineer at Google, provided tips on how to be successful in large scale machine learning...
If you had a chance to enter on the ground level of the largest e-commerce market in the world – would you? China is the world’s most populated country with the second largest economy and the world’s fastest growing market. It is estimated that by 2018 the Chinese market will be reaching over $30 billion in gaming revenue alone. Admittedly for a foreign company, doing business in China can be challenging. Often changing laws, administrative regulations and the often inscrutable Chinese Interne...
Creating replica copies to tolerate a certain number of failures is easy, but very expensive at cloud-scale. Conventional RAID has lower overhead, but it is limited in the number of failures it can tolerate. And the management is like herding cats (overseeing capacity, rebuilds, migrations, and degraded performance). Download Slide Deck: ▸ Here In his general session at 18th Cloud Expo, Scott Cleland, Senior Director of Product Marketing for the HGST Cloud Infrastructure Business Unit, discusse...
In his session at @ThingsExpo, Kausik Sridharabalan, founder and CTO of Pulzze Systems, Inc., will focus on key challenges in building an Internet of Things solution infrastructure. He will shed light on efficient ways of defining interactions within IoT solutions, leading to cost and time reduction. He will also introduce ways to handle data and how one can develop IoT solutions that are lean, flexible and configurable, thus making IoT infrastructure agile and scalable.
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics. In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...