Tactical Advice

Building More Trust in the Cloud

Companies considering cloud computing infrastructures require trustworthy systems.
Building More Trust in the Cloud
Credit: iStockPhoto/ThinkStockPhotos

Companies are beginning to realize the economic advantages of cloud computing and are increasingly turning to cloud services. Despite this cloud-friendly shift in thinking, most organizations still harbor concerns about the security of cloud infrastructures.

Our economy relies heavily on a variety of sophisticated networks. As our global population continues to evolve, we develop complicated networked technologies — such as the cloud — to meet changing demands.

But security is challenged by threats such as privacy, the misuse of intellectual property, malicious modification or replacement of technology and counterfeiting. One of the biggest reasons for organizations’ delaying a migration to the cloud is the perceived loss of control over corporate data. When storing information on cloud servers, key components of the IT infrastructure are moved beyond the reach of internal IT personnel.

Additionally, organizations that must meet government regulations may lose needed oversight of controlled data. Many IT teams are concerned that the cloud infrastructure — to the extent that it is not maintained or monitored by internal IT staff — runs the risk of downtime and unauthorized access.

Incorporating Trust into the Cloud

At its core, cloud computing requires that an IT department — and by extension, the organization and end users — must trust that the cloud service provider has safeguarded the entire supply chain from the organization’s own vendors to the end product.

Without that level of confidence, IT administrators often fear that with less oversight of computing systems, they can’t demonstrate that the hardware is running properly, or even that the infrastructure is running within certain geographic bounds.

Having trustworthy systems in place can satisfy these concerns.

First, trustworthy systems can offer attestation or assurance that services, workloads and servers are running within certain geographic bounds. Second, the principles of trustworthy systems can be used as guidelines to provide assurance, and not just a state-in-time assurance, but real-time attestation that services are functioning securely; effectively eliminating the fear that malware is potentially making its way into the hardware layer and tampering with routers.

The cloud development community must employ secure design principles and have a comprehensive understanding of advanced coding practices. It must perform threat modeling and vulnerability testing, as well as confirm that extensive product security requirements are met.

These requirements create a framework from which cloud developers can develop trustworthy systems.

The Role of Vendor Reputation

When companies select a cloud vendor for security and critical infrastructure, they often base purchasing decisions on reputation and technical qualifications. More recently, a vendor’s evolving security approach and procurement process have begun to play an increasingly essential role.

Trusting a system requires confidence in the technologies on which it is built and the individuals who developed those technologies. Due to limited resources, past practices, government requirements or inexperience, not all vendors are qualified, willing or capable of developing trustworthy systems.

Vendors with proven track records, advanced security development and the foundation to support international security efforts in a transparent manner are often the most qualified to develop trustworthy systems.

Considering a Trustworthy Cloud Provider

Organizations should meticulously evaluate prospective cloud service providers to determine whether the best security practices are employed. Specifically, organizations should verify the degree of visibility and control, including:

  • The cloud provider’s reputation with respect to trustworthiness
  • The extent to which real-time assurance can be provided

Looking Ahead

Many organizations have been holding back from adopting a cloud computing strategy due to a lack of trust. Moving forward, cloud security vendors must have a system in place to immediately alleviate a potential customer’s concerns regarding the lack of visibility over infrastructure and data.

Simply put, a customer needs the same level of confidence and trust in the cloud infrastructure that it has behind the firewalls in its own enterprise. Organizations will soon recognize that cloud computing offers a cost-benefit that is hard to ignore.

A company interested in the cost savings to be realized through cloud computing can employ the best practices outlined above to assess the trustworthiness of a potential cloud partner, and take advantage of the economic benefits of cloud computing with confidence.

Those looking to better understand the security capabilities of a cloud vendor should leverage the resources available at the Cloud Security Alliance’s Security, Trust and Assurance Registry.

Sign up for our e-newsletter

About the Author

Evelyn de Souza

Evelyn is a data center and cloud security evangelist for the Security Technology Group at Cisco Systems responsible for championing holistic and next generation security solutions. She co-chairs the Cloud Security Alliance Cloud Controls Matrix (CCM) and is focused on harmonizing efforts across industry initiatives such as the Open Data Center Alliance (ODCA). Follow her on Twitter @e_desouza.


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.