Cloud Security Threats – Lack of due diligence when moving to the cloud
This is the fourth blog in a series of 5 looking at some specific cloud security threats identified by the Cloud Security Alliance, available to download here. The other articles in the series can be accessed by searching the blog for the tag cloudsecthreats.
This time we will look at the idea of due diligence in moving to the cloud. The Cloud Security Alliance identified one of the security challenges of moving to the cloud as the lack of sufficient due diligence taking place before the move, and, whilst this is maybe not an obvious inclusion for a primary technical study, it is definitely an area that should be carefully examined.
The premise around this concern is that customers move data from highly available data centers within their own organization and geography, into cloud infrastructures that should also be highly available, and very elastic, but very often there is limited clarity as to exactly where data is residing, especially with some of the larger cloud service providers (CSP). Add to this the fact that whilst moving data and applications to the cloud gives you the opportunity to outsource the operations of your IT environment, you can never outsource your organizational risk – it’s up to you to decide what goes into the cloud, and whether it’s a risk that you can afford to take. Whilst every CSP will offer SLAs of some kind, it is worth looking at the small print to see how these compare across providers, and whether they are really enforceable in times of problems.
Amongst the many things to consider, it is definitely worth looking at the ideas of confidentiality, availability, and the impact of compliancy.
Read the entire article here, Cloud Security Threats – Lack of due diligence when moving to the cloud
via the fine folks at HP Enterprise.