Cloud computing can be fraught with security risks. It is
critical that organizations get a security assessment from a
neutral third party before committing to a cloud vendor. Cloud
computing has unique attributes that require risk assessment in
areas such as data integrity, recovery, and privacy, and an
evaluation of legal issues in areas such as e-discovery, regulatory
compliance, and auditing.
Bayside Solutions can assist your organization in ascertaining
the level of security of your cloud computing environment. We can
also assist with the design and implementation of your cloud
computing environment to ensure it meets the security requirements
of your organization.
Organizations using cloud computing must
- Sensitive data - Sensitive data processed outside the
enterprise brings with it an inherent level of risk, because
outsourced services bypass the controls used in-house.
- Regulatory compliance - Customers are ultimately
responsible for the security and integrity of their own data, even
when it is held by a cloud computing provider.
- Data location - Do you have
regulatory or contractual obligations to store data in specific
jurisdictions? Can your data by stored outside the U.S., for
- Data segregation - It is critical that your data is
segregated from other customers.
- Recovery - Cloud providers must have plans to restore
your data and service in case of a disaster.
- Investigative support - Investigating inappropriate or
illegal activity may be impossible in cloud computing.
- Long-term viability - What is the long term viability
of your cloud computing vendor?
- Legal Contract and SLA Review
- Governance and Enterprise Risk Review
- Compliance and Audit Review
- Information Lifecycle Review
- Data Center Operations Review
- Incident Response Review
- Application Security Review
- Encryption and Key Management Review
- Identity and Access Management Review
- Storage Review
- Virtualization Review
- Disaster Recovery Review