The realities of Cloud security, or the realities of due diligence?

There is no doubt that the security of your data in the Cloud is a hot topic at the moment, and most people have opinions regarding the subject - many start from a position of doubt or outright rejection, but some, generally those who have done the background legwork, are less skeptical. When I talk to customers and prospects, security is often at the top of the agenda; but when I take the time to whiteboard and explain to them the controls we as a Cloud provider put in place, you can almost see the reassurance on their faces; the discussion quickly moves on to how the cloud adds value to their infrastructure, and the network effect therein.

This week Daniel Dern spoke to NeoSpire's director of security, Sean Bruton, in an Information Week SMB article about the realities of cloud security and the key questions to ask when assessing a cloud service provider's claims.

The interview, available here, is a Q&A session with Bruton, who talks about some of the security issues and concerns that companies should consider before selecting an external hosting company or cloud service, or whether they elect to "keep things inside."

Dern and Bruton identify some of the excellent Cloud adoption bonuses, such as economies of scale and the importance of provider compliance. But what sticks out to me is that the big question regarding security is really a question about due diligence. This blog has previously proposed the importance of customers' due diligence on the Cloud, and Bruton's comments only reinforce this.

So really, what the security of the cloud is all about is asking the right questions, making sure your vendor of choice is willing to discuss the finer points of their controls, and, importantly, realizing that in most cases the Cloud is only going to enhance the levels of security applied to your data.

Dern closes by asking: "So you have to understand what any cloud vendor means when they say Security." And he's right, you do, but you must understand why you're asking that question so the answers are meaningful. Any self-respecting, genuine cloud vendor will be only too happy to discuss the security enhancements they are providing to your data; if they don't, your due diligence has hit a red flag.