Comments on: Open IT Forum: What are your cloud security concerns for 2011?

By: cloudresearcher

cloudresearcher — Fri, 16 Dec 2011 18:53:08 +0000

Data and Network Security will be in Focus atleast for next 2-3 years

By: pakella

pakella — Tue, 28 Jun 2011 15:40:42 +0000

Melanie, colleagues:

According to IDC, your concerns about data security are echoed by 48% of organizations that they surveyed!

As a prospect, looking to acquire and use a cloud-based SaaS solution, I might consider a framework that looks something like:
1. Access/authentication security
a. Are there sufficient mechanisms and controls – including multiple firewalls, data encryption, and password protection – to help ensure critical information is highly secure yet still usable and shareable?
b. Are the latest security standards used?

2. System (user, application, network) security
a. Are secure standards used across the stack? Within the application and across the entire business scenario? From SSL at the transport layer to APIs at the application integration layer through the integrity of the app data within the app (multi-tenancy, multi-roles) to the integrity at the end point where the user accesses the app.

3. Data security

a. Is the center running to the appropriate standards – ISO 9001, ISO 20000, and ISO 27001?
b. Are there strict policies that meet SAS 70 Type II audit standards?
c. Is personal data adequately secured – EU’s Data Protection Directive 95/46/EC?
d. Does it meet federal compliance standards (e.g., HIPPA)?
e. Is the data being backed and protected adequately?

4. Financial security
a. Is the hosting provider financially viable? Will they be around tomorrow, when you need them?

5. Physical security
a. Is the physical data center adequately protected? From miscreants, tsunamis, and other acts of man and God.
b. Are people working in the facility adequately monitored? (e.g., 24x7x365 surveillance, including motion-sensing, closed-circuit monitoring and recording; licensed onsite security staff; and secure card reader plus 4-digit PIN access to raised floor areas)

Best
-prasad

By: Selltest4pass

Selltest4pass — Thu, 23 Jun 2011 06:05:56 +0000

Test4pass: Leading the way in studying IT certifications. Best Practice, Guaranteed Certify! It can help you pass you exams .you can search “test4pass 000-152 “by Google. http://www.test4pass.com/000-152-exam.html

By: Cloud Security Wrap-Up - Enterprise IT Watch Blog

Cloud Security Wrap-Up - Enterprise IT Watch Blog — Mon, 28 Feb 2011 17:55:45 +0000

[...] What are your cloud security concerns for 2011?: Batye, MicroAcres, and Rechil expressed concern about understanding normal processes such as backups and security in relation to the new technology. [...]

By: rechil

rechil — Wed, 02 Feb 2011 06:08:19 +0000

Of course this is a great topic that about concerns of the present cloud security scenario.... 1. Concern About Need for Better Access Control and Identity Management, there are some third parties exist that deliver some products and services that may address these issues 2. Concern About Smart Phone Data Slinging, there might be chance for hacking of the cloud provider could provide mass access to confidential mobile device data when mobile users are using cloud-based mobile device support 3. Concern About Ongoing Compliance Issues and always keep in mind it 4. Concern About Risk of Multiple Cloud Tenants, which is the most cloud services make heavy use of virtualization technology, the risks associated with multiple organizations data housed on a single physical hypervisor platform exist And the most I think, Concerns over Email Security in the Cloud ! Thanks--

By: batye

batye — Wed, 02 Feb 2011 04:52:31 +0000

at the present time – I could be wrong but in higher educational institution this days – student never encourage by teachers to ask Why? and What?
if Co. could ask What is our security concerns and before looking for the security solution in the cloud get clear scope of the problem and solution/resolution

By: microacres

microacres — Tue, 01 Feb 2011 20:08:22 +0000

I had a serious meltdown at small legal office client who was not able to monitor their tape backup processes sufficiently and got caught with no proper backup after a thorough and complete SBS 2003 server hard drive crash. (Mirror crashed, too)
After a harrowing and expensive drive data recovery process, they decided to go with a Cloud solution for both Exchange and some applications (Timeslips, Wordperfect, MS Office) .

I have expressed my concern that they do not have a complete and recent backup copy of all of their business data on site at their offices, and that if the Internet goes down for any prolonged period, their business day is toast.

1. What good solution is there to having almost current copy of the applications data at their office? My suggestion to them was something like an NAS with Egnyte, which appears to solve the issue with a mirror in the cloud , while their working data is also local.

2. What are people doing for having a local copy of the Hosted Exchange data on hand locally? Just relying on the caced Exchange OST loca files for each user? Seems a bit didgy, at best.

Thanks