TMCnet
New Coverage :  Asterisk  |  Call Center Outsourcing  |  Call Recording  |  SIP Trunking  |  Hosted Exchange  |  PBX
WEBINARS
TMCnet CHANNELS
#1 VoIP Enabler: Risk-free, Quick & Easy Deployment
4G Mobile Backhaul
Appliance Deployment
Application Performance Monitoring
Auto Attendant
Auto Dealer CRM
Bandwidth Management
BPA (3rd Party Remote Call Monitoring)
Broadband Solutions
Budgeting Software
Business Ethernet
Business Process Automation
Business Solutions
Business VoIP
Call Accounting
Call Center
Call Center Certification
Call Center Furniture
Call Center Hiring
Call Center Management
Call Center On Demand
Call Center Operations
Call Center Scheduling
Call Center Software
Call Center Solutions
Call Center Training
Call Center Wallboards
Call Center Workforce Management
Call Monitoring
Call Recording
Cloud Based Predictive Dialer
Cloud Business
Cloud Communications
Cloud CRM
Cloud Recording
Cloud Storage
Cloud Telephony
Communication Test Equipment
Consumer Robotics
Contact Center Outsourcing
Contact Center Software
Coordinated Care Management
CRM Cloud Computing
Customer Engagement
Data Center Network
Data Center Power
Data Center Services
Deployment and Management Solutions
e911
E911 Hosted Solutions
Embedded Multi-core
Enterprise Fax over IP
Enterprise SBC
Environmental Monitoring
Ethernet Extender
Expense Report Software
Fax
Fax Over IP
Fax Server
Fax Software
Fax VoIP
FoIP
Forensic Accounting
Google Apps - News
Green Builders
HD Voice
Healthcare Robotics
Hosted Billing
Hosted Call Center
Hosted Call Recording
Hosted Contact Center
Hosted PBX
Hosted Predictive Dialer
Hosted Softswitch
Identity Management
Industrial Robotics
Infrastructure as a Service
IP Communications
IP Fax
IP Media Server
IP Phone Maker
IP Phone Systems
IP Phones
IP Softswitch
IP Transit
IVR
IVR System
Knowledge Management
Lead Management Software
Least Cost Routing
Load Balancer
Load Testing
Managed Networks
Master Agent
Metro Ethernet
Military Robotics
Mobile Banking
Mobile Device Management
Mobile Security Management
Mobile Unified Communications
Mobile Video
Mobile VoIP
NERC Compliance
Netflow
Network Acceleration
Network Diagramming
Network Performance Management
Online Video Platform Solutions
Out of Band Management
Password Manager
PBX
Power Protection
Predictive Dialer
Quality Monitoring
Quality of Management
Renewable Energy
Sales Software
Satellite Communications
Satellite Optimization
SIM Server
SIP End Points
SMB VoIP
SMS Text Marketing
Social CRM & Mobile Care
Softswitch
Software Licensing
Solar Power
Spanish Language Contact Center Solutions
Speech Analytics
System Integrator
Telecom Expense Management
Telecom Platform Deployment
Telemarketing Software
Text Messaging
Unified Performance Management
Video Conferencing
Video Content Management Systems
Virtual Call Center
Virtual Office
Virtual PBX
Voice Broadcast
Voice Management
Voice Peering
VoIP Call Center
VoIP Call Recording
VoIP Gateways
VoIP Management
VoIP Solutions
VoIP Switch
WAN Optimization as a Service
Wind Power
Wireless Connectivity
Wireless Expense Management
Wireless Management
Workforce Management
Workforce Optimization
Share
Top 10 Cloud Computing Security Recommendations

TMCnews Featured Article


January 25, 2010

Top 10 Cloud Computing Security Recommendations

By Kevin G. Coleman, Certified Management Consultant and Strategic Advisor with the Technolytics Institute


For the last year, security professional have been bombarded by questions about cloud security. The recent Google (News - Alert)/ China incident has increased the volume of questions and given articles like “China, Google and the Cloud Wars” by the Wall Street Journal and others, the question of security the cloud is not in the forefront. After the onset of inquiries, the following top 10 list for cloud security recommendations was created.

1. Those exploring cloud solutions should establish their risk appetite and evaluate offerings against it.
2. Companies looking for cloud solutions should establish a cloud provider security risk profile and update it at least annually.
3. Those exploring cloud solutions should use a risk vector analysis matrix to evaluate cloud providers and those served by the same cloud vendor.
4. Make sure you evaluate the security program for cloud computing vendors up front and use it to narrow down potential vendors.
5. Ensure your contract with the cloud provider includes ongoing security reviews and language mandating immediate notification (within 24 hours) of serious security events.
6. Review the cloud provider’s HR and supply chain practices and employee background check process and hardware/software/equipment sourcing security needed to reduce threats.
7. Know the names of all other organizations supported by the cloud so that you can assess any increased risks they may bring.
8. Use common controls reviews based on the ISO 27000 and 28000 standards to reduce the assurance burden.
9. Address in your contract the legal risks like subpoenas, e-discovery and jurisdictional issues as well as technology licensing issues.
10. Finally, conduct a cost/benefit/risk reduction analysis of vendors offering secure cloud solutions with hardened data centers, hardware isolation and other security fortifications.
Each situation is different and a list of security concerns and requirements must be a part of your cloud discussion and decision. At a minimum, organizations must address these 10 issues to properly manage their risks. Failure to do so can result in difficult issues between your organization and the cloud vendor.

Kevin G. Coleman, a consultant and advisor with Technolytics Institute, writes the Data Security column for TMCnet. To read more articles by Kevin, please visit his columnist page.

Edited by Amy Tierney