A common issue where Cloud Computing is concerned the security of private cloud, hybrid cloud and public cloud systems; who can access what information and where they can gain access to this data. Public clouds, for example, pose multiple risks to privacy and confidentiality as data is potentially available to anyone – generally this is not the case for secure cloud systems adopted by business.
The question then for secure clouds: how is security implemented and who is managing it? Do you leave it in the hands of your Cloud service provider and IT Department, or do you up-skill staff to look after this critical job? Depending on the platform you use and security structures needed by your organisation, this can be relatively simple or exceedingly complicated.
THE GENERAL CONSENSUS ON SECURITY
This year the Ponemon Institute was commissioned to survey IT security practitioners to identify how people felt cloud security had progressed over recent years. They found that the general consensus was that while overall security had improved, there were still doubts that needed to be addressed with a balanced opinion on whether security concerns have either stopped or slowed cloud adoption, or have had no effect.
There were mixed opinions as to who was responsible for SaaS (Software as a Service) application security with a share of responsibility falling on the cloud and SaaS developers, Cloud Computing Providers, Company IT and End Users.
Similarly to SaaS, there were mixed opinions as to who should be in charge of security of IaaS (Infrastructure as a Service) which was found to be increasing in demand, with half of those surveyed believing IaaS will continue to be important in meeting future IT and data processing demands.
Assuming that the cloud platform and data centres the information is stored within are secure, emphasis on security then relies on the needs of individual businesses. Evaluating IaaS resources before implementation goes a long way to pinning down and identifying who is going to be responsible for the security of your data. Each option between providers, IT and end users has advantages and disadvantages. For example, allowing end users to manage security options over data they work with avoids possible costs by your Cloud Service Provider yet may lead to security breaches if the end user is not trained sufficiently. In the case of a smaller company, making the time to manage additional tasks may be unrealistic, in which case, allowing your service provider to maintain security may be the better option.
Automation Technologies goes a long way to provide suitable PCI DSS level security options for all business types using our ISO9001:2000, ISO13485, ISO14000 and FDA 21 CFR 11 compliant platform, VisualVault. The first step is identifying the security needs in your business then creating a security structure that most suits the way your company operates and available resources.
Contact us today for a free consultation and discover how we can tailor a cloud security structure suitable to your business Contact Us
Image source: CA Technologies (2013)