Security in the cloud

Before moving to cloud computing, we ask our customers to consider their security requirements.

Privileged User Access
Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced service providers are not all subject to the same access security controls that internal IT departments are.

You need to know about the people who manage your data, who has access to it, and how it is protected. Ask your potential providers to supply specific information on the hiring and vetting processes they employ, and the control of privileged administrator access.

Regulatory Compliance
Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are signalling that customers can only use them for the most trivial functions.

Data Location
When you use a public cloud, you won’t know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers.

Data Segregation
Data in a public cloud is typically in a totally shared environment alongside data from other customers. You would be sharing firewalls, storage and processing leaving yourself exposed to risks.

Your cloud supplier needs to employ segregation policies for all customers in a way that reduces risks to levels as low as in a private system.