Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

For Your Chosen Cloud Provider, Make Demands Not Assumptions

There’s a false belief about cloud security that has been circulating for some time. Many mistakenly believe they can offset their security costs and responsibilities by moving to the cloud. By outsourcing much of their IT services to a cloud provider, the security is now their problem and not yours.

“Just because you give your job to someone else to secure your data or your service, you still have the responsibility to make sure that it’s being done securely,” said Brian Honan (@brianhonan), principal of BH Consulting in our conversation at the 2015 RSA Conference in San Francisco.

Make sure that your cloud behavior is operating in your best interests, said Honan. This reaches out to considerations of compliance, vetting your SLAs, and understanding roles for incident response. Start by understanding what your organization needs regarding data visibility. Once you clearly understand your organization’s needs, you’ll be able to pick and negotiate with a cloud provider to get exactly what you want.

Honan also advises that you have a clear understanding of where all parties reside. Where is the cloud provider hosting the data? How is that related to where your business resides and where your customers are who are using the data? There may be jurisdictional issues in all those locations, said Honan.

Many companies fail to recognize that once data is in the cloud, it can be accessed from anywhere. All that is protecting your company and its data is a user ID and password, said Honan. That means anyone from any device can access your data. And that may or may not be at the same level of security as your own organization’s devices.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.