The first blog of this series discussing the role of data security in the cloud can be found here.

In 2014 and onward, security professionals can expect to see entire corporate perimeters extended to the cloud, making it essential to choose a service provider that can deliver the security that your business needs.

While organizations can let business needs trade down security we’ve begun to see how a recent slew of data breaches are encouraging greater vigilance around security concerns. For example, a recent CloudTweaks article highlights the need for organizations to be confident in their choice of cloud providers and their control over data. IT leaders have the power to control where sensitive information is stored. They also have the power to choose how, where and by whom information can be accessed.

An important driver in mitigating risk and increasing security is to ask the right questions.
An important driver in mitigating risk and increasing security is to ask the right questions.

Institute Control By Asking the Right Questions

However, adding to fears about ceding the control of data to the cloud is lack of transparency and accountability about how cloud hosting partner/ providers secure data and ensure a secure and compliant infrastructure.  Cloud consuming organizations often don’t ask enough questions about what is contained in their  service-level agreements, and about the process for updating security software and patching both network and API vulnerabilities.

Organizations need reassurance that a cloud provider has a robust set of policies, process and than is using automated as well as the latest technologies to detect, thwart and mitigate attacks, while in progress as well as be prepared to mitigate after an attack.


When evaluating cloud service providers, IT leaders need to ask:

  •  What information does the cloud hosting partner / provider make publicly available about their security processes and services, for example, are they listed in the Cloud Security Alliance STAR registry, and when was the last time they updated their entry?
  • What assurances can the cloud hosting partner/provider around secure data handling, storage and if relevant transmission processes?
  • How often do they perform audits and what types of audits do they perform – look for those that pertain to the verticals that are most relevant to your business needs
  • What kind of physical security does my cloud-hosting partner maintain?
  • Do they have customer references that you can speak with?

Be Confident in Your Choice of Services

Another distinct driver in managing enterprise security is choosing the right services for your security needs. Trustworthy products supported by trusted vendors enable their users to minimize the costs and reputation damage stemming from information misappropriation, service outages, and information breaches.

For example, Security as a Service offers business and IT leaders a way to “right-size” their cloud security strategy. For service providers, it offers a distinct market opportunity to differentiate service offerings. Gartner predicts that cloud-based Security as a Service will be especially popular among the small-to-mid-sized businesses (SMB) as they look to find the right value between investing in technology and the bottom line.

But with so many applications and so much data in the cloud, organizations are rapidly losing the ability to see who and what is moving in and out of corporate boundaries, and what actions users are taking. Coincidentally, the very things that make the cloud a threat—such as the location outside the network perimeter and the increasing use of the cloud for business-critical data—can enable organizations to make more accurate and near-real-time security decision making.

With more traffic going through the cloud, security solutions that also rely on the cloud can quickly and easily analyze this traffic and gain from this supplemental information. In addition, for smaller organizations or those with budget constraints, a well-protected and well-managed cloud service can offer more security safeguards than a business’s own IT security policies processes and technologies.



Find more information about the Annual Security Report, follow @CiscoCloud and use #CiscoCloud to join the conversation!

Cisco Security Grand Challenge: you have until June 17th 2014 to make a submission at CiscoSecurityGrandChallenge.com
Cisco Security Grand Challenge: you have until June 17th 2014 to make a submission at CiscoSecurityGrandChallenge.com

Addition Information:




Evelyn de Souza

Cloud Data Governance Leader

Chief Technology and Architecture Office