Cloud providers won't let you audit their actual systems, but there are questions you can ask to decide your level of trust
Potential cloud-services customers face a tough problem: How can they trust cloud providers enough to hire them when the providers refuse to reveal important infrastructure details for reasons of security and practicality?
These providers say they can?t open their network architectures to customer scrutiny for fear the details will give potential attackers a blueprint for compromising security. They also say the time involved in answering each customer?s questions would be prohibitive.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
(Cloud Computing Research Center)
The bottom line, as one service provider put it earlier this year, is that customers will never get the level of transparency they want. "We won't let you audit to the degree that you would audit your own infrastructure," says Adam Swidler, a product marketing manager at Google, speaking about Google?s cloud services. "It's never going to be the same as auditing your own infrastructure. You'll have to extend some level of trust to third-party verification."
While customers may not be able to walk through cloud providers? data centers and grill their CISOs, they can submit probing questions whose answers may serve the purpose, says the Cloud Security Alliance, which has written a questionnaire businesses can adapt for their own purposes when trying to assess the suitability of cloud service providers.
Called the Consensus Assessments Initiative Questionnaire, the document is a well-thought-out framework for assessing cloud security. ?This question set is a simplified distillation of the issues, best practices, and control ... intended to help organizations build the necessary assessment processes for engaging with cloud providers,? the CSA says.
Key questions to ask:
Source: http://www.infoworld.com/d/cloud-computing/how-check-your-cloud-provider-712
harmon kardon avr 335 harmon kardon avr 430 harmon kardon avr 435 harmon kardon avr 500 harmon kardon avr 525
Keine Kommentare:
Kommentar veröffentlichen