The most significant challenge that remains for enterprises considering cloud computing is answering the question: How can I trust the cloud provider with my environment and my data? We can draw parallels between the cloud and the physical data center space in that the same perimeter, system, and data protection mechanisms we've come to rely upon in the physical data center must also be applied to the virtual environment. These include such tools as firewalls, intrusion prevention, anti-malware, and data loss prevention.
These are factors to consider when operating in the cloud:
- Cyber criminals can erase their digital tracks (log modifications)
- Admins can cover up accidents and misbehavior (log modifications)
- 'Vault' storage doesn't work in the cloud (PKI fails, data leaves the vault)
- Applications can be accidentally changed or maliciously compromised (code and app modifications)
Read the full article at CIO Insight to learn more about each of the factors.
Article by: Sean Martin, CISSP