How to choose a cloud computing provider

By Andrew Collins
Monday, 16 May, 2011


Keen on the cloud but worried about the security of cloud computing - specifically, putting your data in the cloud? If so, you’re not alone.

Cloud computing vendors and service providers obviously love to extol the virtues of their products, but some provide few details of how they secure your data from malicious hands. This leads many organisations to feel some trepidation when it comes to accelerating their precious data into the cloud.

Recently in Voice+Data magazine we asked whether the NBN would drive cloud computing uptake in Australia. Following this discussion, we spoke to cloud security experts McAfee about using the cloud without risking your data.

Sean Duca, Enterprise Solutions Architect at McAfee Australia and New Zealand, says that the frameworks for evaluating the security of a cloud provider are something that’s “still being worked on”.

“We’ve been doing a lot of work with the Cloud Security Alliance to nut out what some of these frameworks should look like to help organisations pretty much do their due diligence,” Duca says.

It seems there are legit cloud service providers out there that are doing what they can to secure their services. Duca says these cloud service providers have got a lot to lose - referring to the blowback they would receive if their customers’ data was breached.

“So they’re probably more inclined to put a lot more security controls than probably what their enterprise customers are doing today in their own environments. Because their whole business model is based on making sure that everything is completely secure,” he says.

But that doesn’t mean you should place your faith in the first cloud provider that pitches its services to you. This is especially true given the many cloud service provider start-ups that are entering the market.

“There’s always going to be some of those other type of service providers pop up that may not be using the same level of security controls that everyone else does,” he says.

Evaluating cloud service provider security

Above all else, Duca recommends keeping your eye on the big picture.

“It’s just a case of making sure you’re not focused on the financial [scenario] shining in front of you, that distracts you from doing your due diligence,” he says.

“Some of the security challenges that people are going to have to look at are around the cloud providers themselves: Who are they? Where does their data reside?” Duca says.

“So looking at some of the traditional ways of: How do I provide protection to my data? What data goes up into the cloud and is it safe in those specific cloud providers? What are the controls that they’ve got in place to protect their data?” he says.

But it’s not just about making sure your provider is doing what it should; according to Duca, it’s also important that you ensure access to the data you’ve stored in the cloud using a secure medium.

The importance of a cloud computing exit strategy

Beyond the security of data at rest, Duca says you must consider what happens to your data if you no longer have access to it - if you changed cloud service provider, for example.

“If [the customer] decides to change their mind, what happens to their data or how long can they access their data if they decide to move on to another service? So it’s all around the data retention side of it. When they leave that provider, are they really taking all their data or does the data reside on there? So there’s that whole arrangement around data protection,” he says.

Duca recalls conversations with several organisations regarding cloud computing contracts and the consequent complications that can follow - particularly if a cloud provider shuts its doors.

“Let’s say the cloud service provider happens to fold, becomes bankrupt, insolvent or whatever it may be, and they close up shop. How do [customers] get access to their data that was once upon a time on there?” he says.

And in both these circumstances, even if the customer has access to their data, they must consider how they’re going to get it from one provider to another.

“You’ve got to think about some of the data that may be on there. We’re talking very, very large databases. How easy is it to transport that from one service provider to another?” he says.

The bottom line is: do your homework.

“While there’s a nice shiny price someone can put right in front of you, and say ‘Hey look, it’s only going to be a couple of dollars, or a couple of cents, per hour for using these services,’ the real question is: once you’ve got on board with it, how easy is it to walk away if it’s something that once you get into it, that you’re pretty much stuck with?” he says.

Related Articles

Staying ahead: business resilience in the hybrid cloud era

The rise of cloud computing and advancements in virtualisation have revolutionised how businesses...

Taming cloud costs and carbon footprint with a FinOps mindset

In today's business environment, where cloud is at the centre of many organisations' IT...

The power of AI: chatbots are learning to understand your emotions

How AI is levelling up and can now read between the lines.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd