Nobody notices a clean house, they only notice dust on the furniture. In the same way, you will never be recognized for having a secure IT environment. But you will get noticed if you don’t.
The security risk is all yours. If your Cloud Service Provider (CSP) vendor allows inappropriate access to your or your customers’ data:
Most CSPs are very aggressive in keeping software under their control up-to-date in terms of security patches, and that alone can reduce your risk of a data breach substantially. Your CSP may help in forensics, and they can provide a lot of help. They can afford to have the security experts that can more quickly isolate the problem. They can set up a parallel environment to significantly reduce the time to locate and correct the problem. But they will not share the risk.
You have exactly the same security requirements as you move to the Cloud. It just makes it more interesting to satisfy those requirements. The Cloud changes the where, how and who:
If something is worth protecting in your own IT environment, it is worth protecting in the Cloud. Likewise, don’t spend time and money securing data beyond what is required. Do you know what needs to be protected?
There are important questions you should answer before you sign a contract with a Cloud Service Provider.
If you are concerned about Payment Card Industry (PCI) compliance, see our PCI Overview.
For each target workload, we can help you determine the security requirements, and from that where in the Cloud Cube that workload belongs, or whether the Cloud is not yet ready to support that workload.
We offer training on Cloud security to help your management and your technical staff understand the complexity and opportunity that the Cloud can bring in the security area.
Check out our blogs, with many specifically on the subject of Cloud Security.
We can help. Contact Us with your questions.