What kind of security protections and controls can an enterprise expect from a cloud service provider?
While there are certain elements of the cloud, such as virtualization and multitenancy, which require special attention with respect to security, generally speaking, enterprises should expect the same level of security protections and controls from a cloud provider as they get from a traditional hosting service.
Do you have a question for Amy?
Submit your question directly to our editors at firstname.lastname@example.org.
This includes such services as access management controls, intrusion detection and intrusion prevention, unified threat management, content filtering and data leakage prevention. Some classes of data and applications will require more extensive controls, including multifactor authentication and encryption. Enterprises might also have some specific compliance and governance requirements that need to be addressed around data transparency and location. Cloud service providers can help meet these requirements by providing audit trails to the client as well as offering guarantees that cover a particular hosting center's location and certification standards.
With respect to cloud-specific security, providers should also be able to offer hypervisor security as well as data isolation to prevent commingling.
This was first published in April 2013