Stakeholders — including line-of-business managers, compliance managers and customers — have legitimate concerns about the security of data that is allowed to reside outside the control and confines of an enterprise data center. IT decision-makers, therefore, have to carefully consider the security implications associated with running applications on a hosted-cloud infrastructure. In particular, the security of cloud providers should be evaluated based on several criteria, including:
Encryption of data, both in motion over the network and at rest in the storage environment
Access control in terms of how users are authenticated and how granularly permissions can be granted or denied for different application-related privileges
Perimeter security such as firewalls, intrusion detection, periodic penetration testing and other best practices
Physical security to ensure that unauthorized personnel cannot gain direct access to servers and storage arrays where sensitive data resides
IT decision-makers should bear in mind that the real question at hand is not whether a given cloud provider’s environment fulfills some theoretical ideal of perfect security — but rather whether it is more or less secure than other provisioning options.
Keep in mind, no IT environment is perfectly secure, but cloud provider environments are often much more secure than their enterprise counterparts because they are newer, more homogeneous and operate at economies of scale that allow for more intensive security operations.
Want to learn more? Check out CDW’s white paper, “Migrating Enterprise Applications to the Cloud.”