Tips for Cloud and Virtualization Security

As cloud computing grows in popularity, it's important for companies considering this option to take heed of the security issues. Here are some guidelines from Computer World:

1) Understand the cloud and how its diffuse structure affects data security
2) Demand transparency from any proposed vendor about their security architecture
3) Reinforce your internal security such as access controls and firewalls and make sure the cloud meshes with these existing security procedures
4) Consider the legal implications of data put into the cloud
5) Pay attention to changes in cloud technology affecting security

Some other security-specific issues to clarify with a potential cloud provider are user access, regulatory compliance, data location, data segregation, disaster recovery, investigative support and long-term viability.

A related concept, virtualization, also takes data directly off hardware and requires care to protect. Unlike cloud computing, virtual systems remain in-house. In this piece from Neil Roiter of TechTarget's SearchSecurity site, this will be a big year for virtualization vendors to beef up security.

The idea is that security requirements for virtual environments are the same as those for any other environment, including configuration management and change control.