Cloud computing users warned on security

Companies should vet cloud providers very carefully

Cloud computing users need to be doing more to ensure the integrity of their data and business continuity, according to a new report from Forrester Research.

Companies are jumping into cloud computing without a proper appreciation of the security, compliance and intellectual property considerations of the move, the report found, and companies need to investigate more thoroughly before shifting to the model.

"While cloud computing is able to deliver many benefits, organisations should not jump on the cloud wagon without a compelling business driver and a clear understanding of the security, privacy and legal consequences," said Forrester analyst Chenxi Wang.

"Users of cloud services should not automatically assume that you are sacrificing security by moving into the cloud, but at the same time you should not trust your cloud provider implicitly to deliver security."

The report recommends that companies should perform a legal check on the rules governing their data and its movement outside the company before signing on for cloud services.

Providers also need to be thoroughly vetted to see that they meet the security and operational requirements of the business. This relates not only to the location of the data, but whether it is stored in an encrypted format and how it is protected by the host against intrusion.

Auditing a potential cloud provider is suggested as a good safeguard, and companies should consider using a third party to assess the vendor, such as the services offered by Hyperic and HP.

As more and more companies move onto the cloud, Wang believes that the role of the IT security manager will change from an operational role to one based more on the oversight of suppliers.

"To take full advantage of the power of cloud computing, end users need to attain assurance of the cloud's treatment of security, privacy and compliance issues. To that end, we need an industry with open standards, clearerregula tions and community-driven interoperability," she said.

"A standards-based approach will make it easier for vendors to support flexibility, agility and expanded cloud service offerings such as collaboration, and it will also make it easier for customers to evaluate a cloud vendor and build trust in its privacy and security promises."