Cloud security: Four customers' approaches

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

IT shops are taking matters into their own hands

Depending on whom you talk to, cloud security is either the industry's biggest oxymoron and won't be resolved anytime soon or it's no big deal because cloud vendors typically have tighter security than do any of their customers.

Wherever you fall on that continuum, the notion of security comes up as a key concern in many surveys on the topic, so it's clearly top-of-mind at most IT shops. There are a few security standards initiatives that might eventually help clear up matters (see sidebar below), but those are a long way from being ready to implement.

One thing is clear, experts say: Don't assume anything before doing your own due diligence. "It would be nice to think the vendors are doing a great job [of protecting the data] and they are building a highly robust application framework that provides a high level of security," says Jay Heiser, an analyst at Gartner who studies risk in the enterprise and regulatory compliance.

"The biggest frustration is determining whether they did that -- if a provider cannot give you definitive evidence [through testing and data verifications] that their product is [as] secure as they say it is, you have no ability to make a business decision to use it," Heiser adds.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies