CHOOSING A CLOUD HOSTING PROVIDER WITH CONFIDENCE

INTRODUCTION
Cloud computing is rapidly transforming the IT landscape, and the conversation around adopting cloud technology has progressed from “if” to “when.” Enterprises are showing strong interest in outsourced (“public”) cloud offerings that can help them reduce costs and increase business agility. These cloud services offer enormous economic benefits, but they also pose significant potential risks for enterprises that must safeguard corporate information assets while complying with a myriad of industry and government regulations.
Many cloud service providers can deliver the security that enterprises need and SSL (secure sockets layer) certificates are part of the solution. More specifically, SSL is the solution for securing data when it is in motion. The goal of this white paper is to help enterprises make pragmatic decisions about where and when to use cloud solutions by outlining specific issues that enterprises should raise with hosting providers before selecting a vendor, and by highlighting the ways in which SSL from a trusted certificate authority can help enterprises conduct business in the cloud with confidence.
CLOUD COMPUTING: NEW OPPORTUNITIES, NEW SECURITY CHALLENGES
Most organizations cite cost savings as the most immediate benefit of cloud computing. For the enterprise, cloud services offer lower IT capital expenditures and operating costs, on-demand capacity with self-service provisioning, and pay-per-use pricing models for greater flexibility and agility. The service provider, in turn, achieves exponentially greater economies of scale by providing a standardized set of computing resources to a large base of customers. Many enterprise hosting providers are already well positioned in the market and have the core competencies (people, processes, technology) to deliver the promise of cloud computing to the enterprise.
Despite the clear economic benefits of using cloud services, concerns about security, compliance and data privacy have slowed enterprise adoption. An IDC survey of IT executives reveals that security is the #1 challenge facing IT cloud services1. Gartner Research has identified seven specific areas of security risk2 associated with enterprise cloud computing, and recommends that organizations address several key issues when selecting a cloud hosting provider:
1. Accessprivileges–Cloudserviceprovidersshouldbeabletodemonstrate they enforce adequate hiring, oversight and access controls to enforce administrative delegation.
2. Regulatorycompliance–Enterprisesareaccountablefortheirowndataeven when it’s in a public cloud, and should ensure their providers are ready and willing to undergo audits.
3. Dataprovenance–Whenselectingaprovider,askwheretheirdatacentersare located and if they can commit to specific privacy requirements.
1. Source: IDC eXchange (http://blogs.idc.com/ie/?p=730)
2. “Assessing the Security Risks of Cloud Computing” (http://www.gartner.com/ DisplayDocument?id=685308) Gartner, June 3, 2008.
Ready or Not, Here Comes Cloud Computing
Some people believe cloud computing is the most significant paradigm shift since the advent of the internet. Others think it’s just a fad. But one thing is for certain: cloud technology is quickly rising to the top of every CIO’s priority list.
– Source: Gartner EXP Worldwide Survey (http://www.gartner.com/it/ page.jsp?id=1283413)
Organizations are accelerating their uptake of cloud services, and industry analysts such as Gartner Research estimate that enterprises around the world will cumulatively spend USD $112 billion on cloud services over the next five years.
– Source: Gartner Research (http://www. gartner.com/it/page.jsp?id=1389313)
White Paper: Choosing a Cloud Hosting Provider with Confidence
4. Datasegregation–Mostpubliccloudsaresharedenvironments,andit is critical to make sure hosting providers can guarantee complete data segregation for secure multi-tenancy.
5. Datarecovery–Enterprisesmustmakesuretheirhostingproviderhasthe ability to do a complete restoration in the event of a disaster.
6. Monitoringandreporting–Monitoringandloggingpubliccloudactivityis hard to do, so enterprises should ask for proof that their hosting providers can support investigations.
7. Businesscontinuity–Businessescomeandgo,andenterprisesshouldask hard questions about the portability of their data to avoid lock-in or potential loss if the business fails.
To reap the benefits of cloud computing without increasing security and compliance risks, enterprises must ensure they work only with trusted service providers that can address these and other cloud security challenges. What’s more, when enterprises move from using just one cloud-based service to using several from different providers, they must manage all these issues across multiple operators, each with different infrastructures, operational policies, and security skills. This complexity of trust requirements drives the need for a ubiquitous, highly reliable method to secure your data as it moves to, from and around the cloud.

Download the complete white paper here:

Special thanks to verisign and symantec