Data security in the cloud REPORT CONDUCTED BY Aarkstore Enterprise

June 28, 2009 - PRLog -- Cloud services promise efficiency savings and economies of scale, but security and compliance concerns are holding back most organisations from taking advantage of them. Service providers should be more open about their security policies and practices.

Table of Contents :  
Executive summary
In a nutshell
Ovum view
Key messages
Service providers should not rely on obscurity
Compliance requirements in shared environments are unclear
Cloud service security is heavily dependent on access control and identification
Ask your potential suppliers probing questions
Cloud services require the user’s environment to be secure
Why worry?
Is the risk real or hype?
Cloud computing takes IT outsourcing one step further
Business and regulatory requirements
Global review
Is the cloud compatible with compliance?
Legal concerns
Contractual obligations are alien to the cloud service providers
Controls and notification don’t translate into the cloud environment
Data and media destruction
Security in cloud services today
How far can you go on trust?
The balance sheet
Overall security levels appear to be high, but cannot be measured
Security and shared resources
Security and flexibility are tradable
Security that can’t be provided in the cloud
Counterbalancing security measures
Security and compliance
Cloud service providers have to show evidence
Geographical location
Legal disclosure
No standards and no consistent practice
SAS 70
ISO 27001
FIPS 199/200
NIST Special Publication 853
Cloud Security Alliance
The National Institute of Standards and Technology proposed standard
Available technology
How cloud services can be secured
Service platform security
Data protection
Separation of data
Meta data
Encryption of communications between the customer and the cloud
Encryption of stored data
User access control
Single sign on and user provisioning
Audit and reporting
Application security
Security testing services
Integration is a weak point
Strategy
Cloud service providers should …
Enterprises should …
Responsibility and risk
Compliance strategy
Data classification
Enhance user access control
Infrastructure maintenance
Do not expect too much from SLAs
Audit the service provider
Contract termination
Questions for your SaaS provider


For more information:
visit us at :-http://www.aarkstore.com -Data security in the cloud

# # #

Aarkstore Enterprise is a leading provider of business and financial information and solutions worldwide. We specialize in providing online market business information on market research reports, books, magazines, conference at competitive prices.