The question of who is responsible for cloud security is posed a lot lately. Sue Marquette Poremba just recently addressed that very question. With so many players in the game, she was surprised by how much responsibility is given to the end user, citing a surge in BYOD as a reason.
Right now, there really isn’t an answer to that question, but your organization must bear some of the responsibility to ensure that your cloud data is safe.
The National Institute of Standards and Technology has published a document that outlines security and privacy challenges when adopting a cloud strategy. “Challenging Security Requirements for U.S. Government Cloud Computing Adoption” is geared toward federal agencies, but the challenges it describes are certainly ones felt by all kinds of organizations, including your own.
The format of the document is helpful in that it not only describes existing mitigations for security and privacy impediments, but it also makes recommendations for future mitigations so that you can be proactive about possible security concerns.
In addition to the NIST document, use the following tools from our IT Downloads library so that the cloud security question does not go unanswered in your organization.
Cloud Computing: A Review of Features, Benefits, and Risks, and Recommendations for Secure, Efficient Implementation: Use this review to build a case for your own organization’s cloud computing implementation and to ensure that strong security measures are in place.
What Is Special About Cloud Security?: Use this study to get facts on cloud security so that you can tailor your current security controls and procedures to accommodate this evolving technology.
‘Cloud Security’ Excerpt: With the openness of cloud computing, security can’t be an afterthought. It has to be built into the DNA of cloud applications from the outset. This book chapter covers the basics, whether your shop or a vendor is doing the coding.