Moving to the Cloud: Security


Green_GaugeThis post is the first in a series addressing concerns organizations may have that prevent them from moving the cloud-based solutions.

At some point in the evaluation and decision process, the issue of security comes to the forefront as organizations look at cloud computing.  Vendors and resellers, like Cumulus Global, often provide two answers — both of which are correct:

  1. Cloud computing providers need their environments to be secure, and they invest time and money on security.  Most cloud providers deliver environments and systems that are significantly more secure than their customers could provide for themselves.
  2. Standard cloud security may not be sufficient to meet specific business needs.  Just as they would with in-house systems, cloud computing customers should be prepared to add additional security services to meet business requirements such as HIPAA, SEC, FINRA, and PCI compliance.

As a first step, organizations moving to the cloud should review the security capabilities of their solution provider.  Beyond the technology, look for certifications such as SSAE-16 Type I and II, ISO 27001, and FISMA.  Make sure that the provider’s security practices are reflected in their terms of service, contracts, and service level agreements.  Finally, verify if and how you can add security capabilities to meet business or industry requirements.

With a reasonable level of due diligence and planning, cloud solutions can overcome any security concerns.

Next Post in the Series: Moving to the Cloud: Cost Savings