Securing the Cloud

Advice 2010-06-02 18:23
Keith Bates, chairman of The Cloud Computing Centre outlines how IT organisations can minimise the risk of moving to

With customers demanding ever more stringent compliance led contracts, Keith Bates, chairman of The Cloud Computing Centre outlines how IT organisations can minimise the risk of moving to the cloud whilst also attaining all the benefits of economies of scale, reduced headcount and new revenue stream.

Security Added Value

Third party expertise could also be a good opportunity to create a new revenue stream, since the move to the cloud is undoubtedly focusing the attention of many SMEs on security. As a result, the delivery of security expertise and assessment is becoming a key component of the cloud-based model.

For example, organisations need to understand that the responsibility for compliance remains with the company itself and not with the cloud computing services provider. A hosting provider will not be PCI DSS compliant, for instance. Indeed since under most contracts the provider operates at infrastructure not transaction level and hence has no access to the data, there is no reason for compliance. It may, however, be required for the reseller or partner to gain accreditation if the company has access to credit card information.

There is also growing concern that many customer organisations are failing to impose tight password controls over employees who are using both public cloud services – such as salesforce.com – and private clouds for key corporate systems. Far too many individuals are, understandably, opting to use the same password for every system, which raises the risk of unauthorised access to the private cloud.

In addition to improving end user education about password usage, resellers can offer customers token-based access devices to further enhance the security of corporate cloud-based systems.

Risk Assessment

Security is obviously a concern for organisations embracing this fundamentally different way of acquiring IT services and solutions and resellers need to understand the security implications of cloud computing.

Organisations need to be far more savvy about key issues such as authentication and access especially when using public cloud services; and they need to really consider the compliance implications of any change to IT infrastructure. But for the majority of SMEs a UK based data centre will not only offer excellent economy of scale but, critically, it will offer significantly better levels of security than any on premise solution.

Pages

Tags:
Cloud computing
Security
Cloud Computing
Security

Related Articles

Adam Jarvis appointed Intrinsic CEO
Exec to lead unified communication specialist into cloud
EMC ramps up cloud services and support
Storage giant helping partners to embrace cloud with new products, services and programmes
NetSuite takes aim at rivals
NetSuite outlines plans to grab established competitors’ business in UK