Contact
Under Attack?

Cloud Computing best practice #3: Pay attention to security

By Tim Burke | June 21, 2012
Importance of Security in Cloud Computing

This best practice might seem obvious, but it can never be over-emphasized. Here are the five must-dos of Cloud Computing security…

  1. Evaluate Cloud service providers’ security with these questions:
    • What access control model do you use? Who chooses the authoritative sources of access control policy and user profile information — you, or us, or a third party?
    • Do you support retrieval of access control policies and user profile information from external sources? If so, via what formats and transmission mechanisms?
    • Where do our accounts reside? How are they provisioned and deprovisioned? How do you protect the integrity of my data?
    • What authentication mechanisms do you support? (These should be appropriate for the sensitivity of the data use.) Do you support federated authentication or single sign-on model(s)?
    • What support do you provide for delegated administration by policy administration services?
    • What log information do you provide? Can it be imported into our operational analysis and reporting tools?
    • Can we specify external entities with whom to share information? If so, how is that accomplished?
  2. When using cloud computing services , pay attention to user authentication
    • Define and enforce strong password policies.
    • Match authentication options to the risk level of the Cloud services being used — and authenticate all users with at least a username and password.
    • Require enterprise administration capabilities for all supported authentication methods, especially the administration of privileged users.
    • Use self-service password reset functions first to validate identities.
    • Consider using federated authentication (you authenticate your users locally, then pass some type of token to the Cloud service granting access for that user).
  3. Perform a thorough evaluation of your own IT security so you understand your infrastructure and application vulnerabilities and are sure that all security controls are in place and operating properly.
  4. Develop a risk mitigation plan and document it so you can quickly deal with any issues that arise — and so you know how to train employees about risks and how to respond to them.
  5. Monitor Cloud service performance rigorously; this is how you and your Cloud provider will recognize any security threats early and deal with them quickly.

Next time: Cloud Computing best practice #2.

Meet the Author
Tim Burke is the President and CEO of Quest. He has been at the helm for over 30 years.
Contact Us
See all of our blogs here
Posts by Category
CEO
CTO
Cybersecurity
Infrastructure
Professional Services
Partner
If you do not opt-out, we will use cookies to give you the best experience possible on our website. To find out more, read our privacy policy.
Contact Quest Today  ˄
close slider