Dear Reader,

Business at digital speed. Businesses always need to be concerned with security especially when we are poised at the beginning of the cloud. It has been said that the perfect storm is brooding with the advent of such technologies as formal cloud platforms Microsoft Azure, Amazon Web Services & Elastic Cloud Compute, and SalesForce.com.[1]

This third, and final, post in my brief series on Cloud Security touches on Enterprise Security.   Herein, I am suggesting a few general ideas.   Any company should fully explore its individual needs before  deciding on the solution to its current technological needs.

Businesses have the advantage of hiring a qualified IT staff to ensure their security … or do they?  Budgets are tight forcing companies into “Sophie’s Choice” decisions.   Also, not all IT departments are created equal.   Whose job is it to ensure the proper security is in place?  Does the administration or other non-technical departments have to become internet security experts?

One possible solution may be to consult with an expert in IT Security who may be able to provide advice on the best process.

For a company in the beginning stages of the process there are some simple steps that can be taken when considering to move to a global platform.   Asking  questions about their Terms of Service such as:

  1. Ask for their security or privacy policy – this will list out in details what they will or will not do and also any certifications the company has done to ensure they protect your information and privacy
  2. Ask for their vulnerability policy – this will also let you know how you can report vulnerability if you happen to come across it.
  3. Ask for compensation if service level agreement is not reach – some companies do offer compensation if your data went lost or missing. Company usually provide such compensation because they have adisaster recovery plan in place to ensure the lost of data close to never happen so they have not have to pay out compensation. Besides, lawyers won’t let business people put such warranty if they were sure they can deliver. [2] See original link for more information.

These precautionary questions can do a lot to avoid future problems.

Six areas not to be overlooked for longer-term planning include:

  • integration
  • security
  • connectivity
  • monitoring
  • continuity planning
  • long-term staffing

More information is available here.

As more people and businesses leap into cloud computing to meet the increasing need to stay connected with people and up-to-date for information, we also face the increasing challenge of becoming proficient in our understanding and use of this new media.   Hopefully, this blog has provided some insights and useful tips.

Feel free to contact the author with any questions, comments, or critiques.

Notes:

1. http://cogniti.wordpress.com/2011/01/04/microsoft-apple-toshiba-perfect-storm/
2. http://howtouseweb20.wordpress.com/2011/01/04/is-cloud-computing-secure/
http://www.informationweek.com/news/services/saas/showArticle.jhtml?articleID=229000684&cid=RSSfeed_IWK_All
3. http://cloudsecurity.org/blog/2010/03/14/cloud-computing-and-security-conference-securecloud-2010.html

4.http://www.informationweek.com/news/services/saas/showArticle.jhtml?articleID=229000684&cid=RSSfeed_IWK_All

Advertisements