Cloud security: The top tips from the experts

Stuart Sumner
clock • 23 min read

Computing asked the experts for their top tips to help businesses use the cloud securely. Here's what they said

How to find the right cloud provider (2)

Nick Delewski, managing consultant, security consulting, Spirent Communications

"If you're in the public cloud, know your provider's penetration testing policy. While many providers understand the need for penetration testing and application assessment, some are more open to the idea than others. Most will require you to submit discovered infrastructure vulnerabilities for remediation, which is a good thing for everyone. However, some place greater restrictions on the types of tests they allow.

"Evaluate cloud usage policy and purpose. While the cloud offers a continuum of performance, monetary savings, and flexibility, the organisation should be clear on the goals of purchased cloud services. Is the cloud suitable for test/dev but not production? Could the company benefit from bursts of compute power without the capital commitment for a full private cloud solution?

"These are examples of questions that should be asked and answered, before giving the company credit card to the cloud. There's something to be said for modest exploration to try new things as part of any research and development programme, but routine cloud usage should still be policy driven and preserve the value proposition.

"Cloud vendors may be experts on technology and scalability, but they are not immune to market forces. History is filled with accounts of promising new companies with useful products and growth potential which fold due to grievous mismanagement or missed opportunities. It's also filled with acquisitions hoping to bring a solution to new heights of prominence only to be shut down after a talent exodus.

"This advice goes just as well for those interested in purchasing private clouds as it does for public cloud consumers: do your homework and be sure your cloud solution/provider is going to be around for the long haul. Then pick a backup solution and make sure that you have data redundancy and a migration path in case you need it. In these fairly choppy market waters, your business could literally sink if you're not careful."

 

Richard Gardener, solutions architect at Six Degrees Group
"Selecting the correct service is vital for a successful and secure cloud provision. Services that don't meet expectations are one of the key frustrations of IT teams today, wasting both time and money, as well as reducing security effectiveness.

"It is important to take the time to really consider what you want your cloud to do, and ensure that security is built into every layer of applications."

You may also like
Lazarus uploading malware to open-source PyPl software repository

Threats and Risks

Supply chain attack leaves developers in Asia at particular risk

clock 12 March 2024 • 3 min read
Hugging Face AI platform infested with 100 malicious code-execution models, researchers warn

Threats and Risks

These models could create a persistent backdoor for attackers

clock 01 March 2024 • 3 min read
Operation Cronos: NCA reveals details of LockBit affiliates

Threats and Risks

Operation has been crippled - for now

clock 22 February 2024 • 3 min read

More on Cloud and Infrastructure

WebAssembly heralds 'third wave of cloud computing'

WebAssembly heralds 'third wave of cloud computing'

Wasm: 'Speed and agility is the name of the game'

John Leonard
clock 26 March 2024 • 3 min read
Microsoft the latest to waive cloud egress fees

Microsoft the latest to waive cloud egress fees

TS&CS apply

John Leonard
clock 14 March 2024 • 2 min read
'A lot of confusion': Unpicking SAP's recent changes

'A lot of confusion': Unpicking SAP's recent changes

SAP and Lemongrass talk S/4HANA migration deadlines, RISE and AI

John Leonard
clock 27 February 2024 • 6 min read