How will their all-important keys be managed and will the data be encrypted to a high standard?
Key management is assumed by cloud providers in a very critical view. There are multiple solutions that store credentials inside and outside the cloud within a secure infrastructure depending upon the purchasing organizations cloud security needs. Plenty of providers are very much concerned with security of information both from the legal and data intrusion perspective. Is the data encrypted to a level sufficient to avoid access by potential hackers?
Is it possible for an independent attorney to provide a legal instrument such as a subpoena to gain access to data through the cloud system? Organizational system separation is maintained by some cloud security providers. This would be protecting a system from being accessed by a third party through an integrated system that would be key to preventing data from being compromised. Some key management and cloud security items to consider:
1. Advanced Encryption Standards should be used for keys to protect from acts of malicious intent. All customer encryption and authentication credentials in should be stored in an AES256-encrypted database with no encryption keys stored in the credentials management zone.
2. Every customer should have a unique access keys to prevent encroachment on others' data.
3. Keys should be stored outside the cloud infrastructure provider and only used when necessary. The public cloud infrastructure should be viewed as hostile territory.
4. Not one cloud provider or provider for management solution should have any access to sensitive information or keys.
5. When it comes to sensitive information, there is a high level of necessity to consider backup encryption and file system.
Sustainability is very important, as it pertains to the day-to-day operations of a cloud security company. A meaningful and logically solution is required when it comes to key management.
Appropriate questions must be asked of a cloud service provider and the selection of appropriate partner should only be made on the basis of a clear understanding of the integrity of the entire solution. The process of hosting, administering, and allowing access to the relevant keys should be clear-cut and watertight.
The benefits of public cloud infrastructures have been well documented; scale, flexibility, and reduced capital expenses & operational costs. Cloud security will continue to evolve and improve and be high priority to an enterprise that has tight IT policies and procedures. A wider acceptance and mainstreaming of the concept of cloud security is expected, along with its increased benefits.
Cloud Consulting Services from enStratus assists you in your migration into the cloud. enStratus can help you design a deployment to meet your target SLA's and address issues such as scaling parameters, cloud security and cloud compliance. Learn more about how enStratus delivers reliability for applications in the cloud at http://www.enstratus.comArticle Source: http://EzineArticles.com/expert/George_Hadjiyanis/577663