Best Practices in Cloud Security

  • News

Spending on cloud computing is growing faster than any other form of IT spending, with organisations of all sizes looking to reap the benefits of cost savings, flexibility, increased productivity and more. In particular, the use of software as a service (SaaS) is becoming mainstream. Where organisations are reluctant to embrace cloud services, the reason is often owing to concerns over security, especially since many SaaS offerings mean that an organisation’s data processing and storage, much of which is data sensitive to the organisation, is handed over to the service provider.

However, cloud computing models can actually provide a more robust and effective level of security than technology deployed and managed in-house. For example, mitigation against the latest threats can be pushed out to all users of the service simultaneously, removing the need for patches and updates to be deployed by IT administrators to all users of the service. This also provides the assurance that all devices connected to the service are up to date in terms of their security posture.

Beyond threat mitigation, cloud delivery is suitable for a wide range of security services, from basic needs, such as malware protection, to advanced security services such as vulnerability management, security monitoring, policy compliance, and application security and testing.

As well as accessing security services, organisations will also benefit from the service provider taking responsibility for many aspects of security as it must, itself, have developed a highly secure infrastructure in line with best practice and good governance objectives. These incorporate a wide range of security controls and can attest to the quality and security of its services through management reports and audit trails.

Fran Howarth has recently published a new report that examines how the use of cloud computing can actually improve security, as well as discussing the issues and challenges that remain, including liability, contracting and SLA terms and conditions, data centre infrastructure, auditing and certification, and the need for further standards development. Download the report: Best practices in cloud security.