Mitigating the security risks of cloud computing starts with selecting the right Cloud Services Provider (CSP). This is the topic that the APM Group, the Cloud Industry Forum’s independent certification partner, will address at Infosecurity Europe this year. According to the organisation, whilst end users will still need to exercise caution and conduct their due diligence, the CIF Code of Practice can assist in the selection process.
Richard Pharro, CEO of APM Group, said: “Security is typically cited as an obstacle to the deployment of cloud solutions, but, in general, the perception that cloud has heightened security issues is unfounded. In truth, data is not inherently more insecure in the cloud than on premise. It all comes down to what safeguards there are, be they technical or legal.
“CSPs will often have more robust and up-to-date security than their customers, in particular SMEs, who often have limited full-time IT resources and struggle to keep up to date with security issues and fixes. Maintaining the best levels of security and service reliability are part of the core business proposition of every CSP, for if they fail at that they have very little else of value to offer the marketplace.
“Good security does, however, start with choosing the right provider. You shouldn’t be afraid of asking prospective CSPs tough questions about how your data will be kept secure. For example, what mechanisms the CSP operates in regard to access control, data storage, and data in transit to ensure compliance with data protection as well as offer effective security and sovereignty? If they can’t satisfactorily answer these questions, I’d suggest that you keep looking,” Pharro continued.
The Cloud Industry Forum has established a Code of Practice for CSPs to make the selection process easier. It aims to standardise enterprises offering cloud services to provide assurances for end users looking to migrate to the cloud.
“The Code of Practice is a credible, certifiable tool that allows CSPs to demonstrate they meet specified requirements of transparency, accountability and capability. Providers that have certified against the Code have demonstrated their compliance with industry standards of best practice with regard to transparency and capability; so opting for a CSP that has certified against the Code should bring peace of mind, ensuring that your data is protected in the cloud,” he concluded.