
Cloud Computing best practice #3: Pay attention to security

Importance of Security in Cloud Computing

This best practice might seem obvious, but it can never be over-emphasized. Here are the five must-dos of Cloud Computing security:

  1. Evaluate Cloud service providers’ security with these questions:
    • What access control model do you use? Who chooses the authoritative sources of access control policy and user profile information — you, or us, or a third party?
    • Do you support retrieval of access control policies and user profile information from external sources? If so, via what formats and transmission mechanisms?
    • Where do our accounts reside? How are they provisioned and deprovisioned? How do you protect the integrity of our data?
    • What authentication mechanisms do you support? (These should be appropriate for the sensitivity of the data being used.) Do you support federated authentication or single sign-on model(s)?
    • What support do you provide for delegated administration by policy administration services?
    • What log information do you provide? Can it be imported into our operational analysis and reporting tools?
    • Can we specify external entities with whom to share information? If so, how is that accomplished?
  2. When using Cloud Computing services, pay attention to user authentication:
    • Define and enforce strong password policies.
    • Match authentication options to the risk level of the Cloud services being used — and authenticate all users with at least a username and password.
    • Require enterprise administration capabilities for all supported authentication methods, especially the administration of privileged users.
    • Use self-service password reset functions first to validate identities.
    • Consider using federated authentication (you authenticate your users locally, then pass some type of token to the Cloud service granting access for that user).
  3. Perform a thorough evaluation of your own IT security so you understand your infrastructure and application vulnerabilities and are sure that all security controls are in place and operating properly.
  4. Develop a risk mitigation plan and document it so you can quickly deal with any issues that arise — and so you know how to train employees about risks and how to respond to them.
  5. Monitor Cloud service performance rigorously; this is how you and your Cloud provider will recognize any security threats early and deal with them quickly.
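
The federated authentication flow from item 2 (authenticate locally, then pass a token to the Cloud service), as an added example that is not part of the original post. Assumptions: a shared HMAC key stands in for the signed assertions of a real federation protocol such as SAML or OpenID Connect, and every name and value below is constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: a key shared by the local identity provider (IdP)
# and the cloud service, and one locally stored user record.
FEDERATION_KEY = b"constructed-demo-key-not-for-production"
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(FEDERATION_KEY, body.encode(), hashlib.sha256).digest())

def idp_login(user, password, audience, now=None, ttl=300):
    """Local side: check the password, then issue a short-lived signed token."""
    stored = USERS.get(user)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    now = int(time.time()) if now is None else now
    # The token names the user, the one service it is meant for, and an expiry.
    claims = {"sub": user, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def cloud_accept(token, my_audience, now=None):
    """Cloud side: never sees the password; trusts only a valid token."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body)):
            return None  # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    now = int(time.time()) if now is None else now
    if claims.get("aud") != my_audience or claims.get("exp", 0) <= now:
        return None  # issued for another service, or expired
    return claims["sub"]
```

The password stays with the local identity provider; the Cloud service accepts a token only if the signature, the intended audience and the expiry all check out.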

Next time: Cloud Computing best practice #2.
