Cloud security: The top tips from the experts

Stuart Sumner
clock • 23 min read

Computing asked the experts for their top tips to help businesses use the cloud securely. Here's what they said

How to find the right cloud provider (2)

Nick Delewski, managing consultant, security consulting, Spirent Communications

"If you're in the public cloud, know your provider's penetration testing policy. While many providers understand the need for penetration testing and application assessment, some are more open to the idea than others. Most will require you to submit discovered infrastructure vulnerabilities for remediation, which is a good thing for everyone. However, some place greater restrictions on the types of tests they allow.

"Evaluate cloud usage policy and purpose. While the cloud offers a continuum of performance, monetary savings, and flexibility, the organisation should be clear on the goals of purchased cloud services. Is the cloud suitable for test/dev but not production? Could the company benefit from bursts of compute power without the capital commitment for a full private cloud solution?

"These are examples of questions that should be asked and answered, before giving the company credit card to the cloud. There's something to be said for modest exploration to try new things as part of any research and development programme, but routine cloud usage should still be policy driven and preserve the value proposition.

"Cloud vendors may be experts on technology and scalability, but they are not immune to market forces. History is filled with accounts of promising new companies with useful products and growth potential which fold due to grievous mismanagement or missed opportunities. It's also filled with acquisitions hoping to bring a solution to new heights of prominence only to be shut down after a talent exodus.

"This advice goes just as well for those interested in purchasing private clouds as it does for public cloud consumers: do your homework and be sure your cloud solution/provider is going to be around for the long haul. Then pick a backup solution and make sure that you have data redundancy and a migration path in case you need it. In these fairly choppy market waters, your business could literally sink if you're not careful."

 

Richard Gardener, solutions architect at Six Degrees Group
"Selecting the correct service is vital for a successful and secure cloud provision. Services that don't meet expectations are one of the key frustrations of IT teams today, wasting both time and money, as well as reducing security effectiveness.

"It is important to take the time to really consider what you want your cloud to do, and ensure that security is built into every layer of applications."

Related Topics

You may also like
Experimental Morris II worm can exploit popular AI services to steal data and spread malware

Threats and Risks

Experimental Morris II worm can exploit popular AI services to steal data and spread malware

Cornell researchers created worm 'to serve as a whistleblower'

clock 01 May 2024 • 3 min read
UK business falling short on cybersecurity warns government report

Threats and Risks

UK business falling short on cybersecurity warns government report

A staggering 78% of businesses lack a formal incident response plan

clock 10 April 2024 • 3 min read
Multiple China-linked groups attacking Ivanti vulnerabilities

Threats and Risks

Multiple China-linked groups attacking Ivanti vulnerabilities

Patches have been made available by Ivanti

clock 08 April 2024 • 2 min read
Stuart Sumner
Author spotlight

Stuart Sumner

View profile
More from Stuart Sumner

The Metaverse is 'a grand folly' say CIOs and Zuckerberg's actions are 'terrifying'

'Whole world of complexity' for energy companies to deliver on government promises, says energy CTO

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Cloud and Infrastructure

Cloud adoption in 2024: Navigating AI, edge computing and the road beyond
Cloud and Infrastructure

Cloud adoption in 2024: Navigating AI, edge computing and the road beyond

CIOs are pursuing best-fit cloud solutions that avoid vendor lock-in

Eric Helmer
clock 09 April 2024 • 3 min read
WebAssembly heralds 'third wave of cloud computing'
Cloud and Infrastructure

WebAssembly heralds 'third wave of cloud computing'

Wasm: 'Speed and agility is the name of the game'

John Leonard
John Leonard
clock 26 March 2024 • 3 min read
Microsoft the latest to waive cloud egress fees
Cloud and Infrastructure

Microsoft the latest to waive cloud egress fees

TS&CS apply

John Leonard
John Leonard
clock 14 March 2024 • 2 min read