Dark Reading: The 6 Worst Cloud Security Mistakes

A look at the most common missteps when choosing a cloud-based service -- and how to avoid them

Jun 05, 2009
By Kelly Jackson Higgins

Unless you've been snoozing under an old mainframe in your data center, the pressure to push some of your IT operations off-site and into a service provider's "cloud" is probably weighing heavily on your mind as you face shrinking IT and security budgets and increasing compliance requirements. Let's face it: Everyone is under pressure to make do with less while providing more accountability for securing their data, especially small and midsize businesses. In some cases, that may mean outsourcing some of your IT operations as money and manpower gradually dwindle.

Rushing things when it comes to cloud computing can be very dangerous security-wise, but blowing off cloud computing all together because you think you can secure your own stuff better than a service provider isn't smart, either. A few more mistakes: assuming you're no longer responsible for your data's safety and security once you've handed it off to a provider, and thinking you are solely responsible for deciding whether and how your company uses software-as-a-service: Don't be surprised to discover you are the last to know that a couple of your business units are already deploying SaaS (and didn't bother to run it by IT security).

Those are a few of the common blunders enterprises make when they first look at, or decide to move their systems, applications, and/or data to, today's services-based model, a.k.a. cloud computing. Some other mistakes with cloud security: not verifying or testing the security of your cloud provider, failing to vet the provider's viability as a business, and tossing your insecure apps into the cloud as-is, expecting them to automatically become more secure.

Let's take an up-close look at six common secure cloud computing traps, and how to avoid falling into them.

Click the URL above to read the full article