Architecture Matters
It is tempting to simply rely on a provider's SLAs and ignore the gory details – and many providers prefer you do just that, but when it comes to security, details matter. How can you be sure that the physical servers hosting your VMs and data are pristine and uncompromised? Intel has had chip-level technologies to address that issue for generations – specifically TXT – but providers often fail to enable these features. This is equally true for your private cloud servers as it is for providers. Do you have data locality requirements? Intel TXT addresses this concern as well with geo-location and geo-fencing. Refer to NIST 7904 for information about trusted geo-location. When combined with encryption, you can ensure that your company's virtual machines and data cannot be hijacked and copied to another cloud where they could be subjected to a brute force attack at the BIOS level. Ask your providers about their trusted platform and TXT support.
5 Ways to Keep Mission-Critical Data Safe in the Cloud
5 Ways to Keep Mission-Critical Data Safe in the Cloud
Before any company moves to the cloud, an inevitable question is asked: Will our data be secure? A 2014 IBM study found that while 85 percent of chief information security officers (CISOs) believe their company's move to the cloud is imminent, more than 40 percent also believe a significant security breach will happen at a major cloud provider.
As businesses shift their mission-critical workloads to the cloud, IT departments are tasked with not only managing company data, but also securing it. Choosing a cloud service provider that fits your security strategy is key. IT Business Edge recently spoke with Sean Jennings, co-founder and SVP of solutions architecture at Virtustream, who shared five cloud security and compliance tips for IT leaders as they transition their companies to the cloud.
