7 deadly sins of cloud computing
Increasing your use of cloud computing? Great! Making these common security mistakes? Not great!
By David Geer
Often cloud service providers will attend to the basic levels of security in-house and depend on automated security applications and platforms to fulfill the bulk of their security practices.
Other cloud providers may outsource higher levels of security that are outside their core expertise to third party providers. But the security services of these third party providers may not be included in the contractual requirements and SLAs that the cloud provider shares with the customer.
"You have to require the service provider to maintain specific security functions, document security tasks, and provide copies of all security policies and practices as well as security reports," says Irvine.
Failing to understand the costs.
When cloud providers put their wares on display, they often showcase basic offerings for the sake of cost comparisons by potential customers.
"Unfortunately, after engaging a service provider, companies frequently determine that additional services, software licenses and even hardware licenses are required to perform all the IT tasks to which the business has grown accustomed," says Irvine. Security costs and those related to compliance (and, significantly, the documentation of that compliance) can similarly rise.
Companies underestimate cloud costs even further due to an unrealistic expectation as to the number of internal IT resources that they will need after pushing applications to the cloud.
"Depending on the type of cloud service being offered (SaaS, IaaS, PaaS), the number of resources required internally may not change at all. In fact, many of our clients who engage in cloud computing have no decrease in the internal IT department at all," says Irvine.
In any case, the likelihood that a company will outsource 100% of its applications and systems into the cloud is minimal. Even businesses that push many of their systems to a cloud solution still have requirements for internal infrastructure and workstation engineers. "As a result, IT department costs are only minimally affected," says Irvine.
Read more about cloud security in CSOonline's Cloud Security section.
Understanding critical issues in securing cloud computing—public, private, hybrid, SaaS and all other flavors
Hybrid cloud security real-world tales
Most organizations will use a mixed IT environment that includes public and private clouds as well as non-cloud systems
SaaS, IaaS and Paas: A security checklist for cloud models
API keys, connecting to the cloud, and other important issues to consider
5 cloud security predictions
Smart-phone slinging, identity management, multitenancy, and more
5 key cloud security issues
Cloud security: The basics
Cloud security all about the contract
Cloud security survival guide
The real problems with cloud computing
- B2B Integration on Cloud: Real World Solutions and Technology Advances
- Cloud Collaboration Knowledge Vault
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Mandiant's APT1: Revisited
The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. By Nick Selby - Attacks from China: A survival guide
- #FFSec: Infosec pros who bring value to Twitter
More Salted Hash with Bill Brenner
