In the past couple of years, cloud-based solutions have gone from the status of a brave new technology to a mainstream vehicle for delivering storage, application, infrastructure and other services. From a security point of view, consuming cloud-based services usually involves delegating security for the service to the service provider. This does not need to be as scary as it sounds – as long as you approach the service engagement with your eyes open, and arm yourself with pertinent requirements for the service provider to provide appropriate controls to protect your organization.
Ultimately, cloud security comes down to a matter of trust. Do you trust your service provider to deliver on mutually understood promises? The interesting thing about trust is that transparency trumps technology and process as a trustworthiness validation indicator. Without transparency, how could you know, or even make an educated guess, about a vendor’s ability to execute on the promises they make about security? If I write anything more about this here, it will spoil the video blog post on the subject shared below:
Trust me, it’s worth a look.
If you invest into a cloud service and they go bankrupt the next year, what happens to company data? Yikes!!! One rule-of-thumb (as you mentioned) is to do the research on that reliability of that cloud service!
Funny thing though, people are so worried about what security services in the cloud has (like their data center security is so much better). I would bet that cloud security from Amazon for example far better than most mid-size company local security programs (if they even have one…)! What people should be asking is, will cloud security be better than the security program they already have! 🙂