The Silver Lining In Your Cloud TM

3 Key Areas to Security When Investigating a Cloud Provider

When you’re shopping around for a cloud service solution to fill your company’s needs, it’s vital to find a solution that’s secure. The sheer number of cyber security threatsthat are created each day demands that your IT infrastructure be as heavily defended as possible.

If security in any one area of your cloud provider’s solution is lacking, then your company’s sensitive data may be exposed to a breach.

There are three key areas related to security that you should check when investigating a cloud service provider:

1: Physical Security

Although it’s easy to forget when dealing with the cloud, there has to be a physical piece of hardware somewhere that manages your cloud environment. If physical security is lacking, then hackers can directly access the hardware that runs your cloud, and steal whatever they want directly from the drive.

Tier IV data centers that hold top accreditations such as SAS 70 and SSAE-16 are a must. These types of data centers use measures such as round the clock surveillance, armed security patrols, and biometric access controls to prevent unauthorized access to the hardware that runs your cloud environment.

Check with your cloud service provider to see what kind of data centers they use to host the hardware for your cloud, and what physical security measures those data centers use.

2: Software Security

A cloud solution that doesn’t have software security is like an apartment complex without door locks: anyone in the complex can stroll right in and take what they want.

Strong software security measures such as role-based permissions capabilities, encryption, intrusion detection software (IDS), and constant virus definition updates are all must-haves for any secure multitenant cloud environment.

3: Infrastructure Security

Closely related to software security in that it’s a protective measure meant to protect data from intrusion over the Web, infrastructure security is necessary for any IT environment to block malicious outside traffic.

Requirements for infrastructure security on the cloud include powerful perimeter and per-tenant firewalls to filter traffic, strong threat management/remediation, fully updated systems with vulnerability patches, and security incident response teams to handle active threats. partners with several vendors to get industry-leading security capabilities for all key areas of the cloud:

  • Physical Security. WHOA partners with Tier IV data centers such as the Super NAP in Las Vegas to keep infrastructure components fully protected from unauthorized physical access.
  • Software Security. Vormetric’s data-at-rest encryption not only meets key requirements for PCI compliance, it keeps hackers from being able to read the data they steal in case of a breach.
  • Infrastructure Security. WHOA uses industry-leading firewalls from Palo Alto networks at the perimeter to prevent intrusions. This is further bolstered by per-tenant firewalls from Alert Logic to create layered traffic filtering on the cloud to prevent intrusions.

When you’re looking for a secure cloud solution, you need a complete package. If any one area of a cloud provider’s solution is lacking in security, then your data is exposed to unnecessary risk.

Keep your data safe with a truly secure cloud.  Read our latest Ebook to learn why a layered approach to security is best.