In the past couple of years, cloud-based solutions have gone from the status of a brave new technology to a mainstream vehicle for delivering storage, application, infrastructure and other services. From a security point of view, consuming cloud-based services usually involves delegating security for the service to the service provider. This does not need to be as scary as it sounds – as long as you approach the service engagement with your eyes open, and arm yourself with pertinent requirements for the service provider to provide appropriate controls to protect your organization.
Ultimately, cloud security comes down to a matter of trust. Do you trust your service provider to deliver on mutually understood promises? The interesting thing about trust is that transparency trumps technology and process as a trustworthiness validation indicator. Without transparency, how could you know, or even make an educated guess, about a vendor’s ability to execute on the promises they make about security? If I write anything more about this here, it will spoil the video blog post on the subject shared below:
Trust me, it’s worth a look.