Leaving aside the obvious considerations of the physical security of a data centre, what considerations are there for the logical, remote and application data security in the cloud? The two prominent cloud services currently are Software as a Service (SaaS) and Infrastructure as a Service (IaaS), each with their own approaches to cloud security.

IaaS Providers

You control traffic security devices locking your data centre in the cloud. Download firewall logs from the web console like you would with physical firewalls into an Excel spreadsheet or use an API to push it to a Security Information and Event Management (SIEM) product. Employ an outside security company to run Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) against your virtual data centre – your cloud provider can do this for you.

SaaS Providers

An SaaS provider has to design a security to protect data such as usernames, passwords and poorly configured databases. Software and middleware are the biggest security issues. SaaS providers should be able to provide the last results of compliance, regulation and previous audit reports. Suppliers are compelled to ensure they operate tight security practices with the latest encryption. The following should also be considered:

*Risk assessment – get the full picture on a provider’s design and development of their security.
*Authentication – technology should be current and secure.
*Encryption – does your provider permit you to own the encryption keys?
*Data loss prevention – internal and external data loss policies.