6 tips for secure cloud shopping

Don't let low cloud costs blind you from the security risks that come with the package

Page 2 of 2

Cloud shopping tip No. 3: Keep everyone on the same page. Clear, open communication is a must for a cloud-computing initiative -- not just within the customer's organization, but among the customer, the cloud provider, and any third parties the provider brings to the table.

In terms of internal communication, for example, "the CSO's team is often not invited early enough to cloud-services evaluations to adequately surface its concerns," according to Slaby. "As a result, data privacy and other security issues get short shrift, barely getting shoehorned into contracts late in the game."

HfS also recommends that companies involve their providers in developing their risk strategy and migrating applications to the cloud. "Don't assume your service provider is doing what they need to do," Slaby cautioned. "Ensure they are handling their end and that no gaps exists."

Cloud shopping tip No. 4: Know whom to blame. Some cloud providers rely on third parties for certain services, a point a prospective client needs to know up front for the sake of identifying potentially problematic interdependencies. A component outage might have a limit to no discernible impact on a service; then again, it might bring a service to a crawl. "Consider a governance model in which one provider owns overarching responsibility for outages and security breaches, serving as a proverbial 'one throat to choke'," Slaby recommends.

Cloud shopping tip No. 5: Don't get trapped. Even with proper due diligence, you might find down the road that you need to dump your cloud vendor. Make sure to devise a risk mitigation strategy so that you'll be able to migrate your workload to a new provider (or in-house) quickly and easily should that eventuality arise. Carefully consider how much control you want to give any single provider. Finally, make sure you have in-house experts on cloud infrastructure and services to ease the transition to a new provider, HfS recommends.

Cloud shopping tip No. 6: Don't buy the snake oil. Providers are taking advantage of buyer ignorance about cloud security, according to Slaby, pushing dirt-cheap standardized contract that don't necessarily meet a customer's compliance, auditability, reliability, or data-transfer requirements. Cloud shoppers should be prepared to negotiate for better protections -- and to pay for it.

This article, "6 tips for secure cloud shopping," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2