Is cloud computing secure?

In the latest of our cloud computing exploration features, we look at the issue of security.

That does take some of the load off your IT team, though, as you're handing over both infrastructure and OS security to your cloud service provider.

SaaS is both the simplest and the hardest to deal with. It's simple, in that all your security needs are taken care of by the service provider. It's also the hardest, because that means you need to trust your SaaS vendor or at least ensure that you have a legally binding agreement which includes security provisions. You'll need to be sure that you're complying with the appropriate regulations, and that you've got a secure connection to your provider's applications using more than just simple passwords!

Getting that trust right is important to Salesforce.com, according to Tim Barker, the company's vice president of marketing in Europe, the Middle East and Africa (EMEA).

He describes it as a "consistent focus," adding "We started building with security in mind, to be a service that users trust".

Advertisement
Advertisement - Article continues below

But it's not good enough to be trusted for what you say, and that trust needs to be verified. "We work to ISO 27001 standards, with third party accreditation, and we're also evaluated by prospective customers who send in their own security people. So we're probably more regularly reviewed than any other vendor, right down to code reviews," Barker added.

Mike Lingo , chief technology officer at Astadia, echoes the need for an audit of cloud services as part of ensuring compliance. "Customers need to assert that their vendors are compliant with best practices for processing in their environment by reviewing things like SAS 70 compliance, which is obviously the standard vendors will work towards," he said.

"Further, you'll want to know for mission-critical or system-critical apps that a Type II audit was performed."

That actually adds up to a security advantage for cloud services, as Lingo points out that "a well-established vendor's cloud solution has probably had much much more money spent on its infrastructure, security and competencies than an internal IT shop can often afford".

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019