2012年7月16日 星期一

Dimension Data: Security questions you should ask your cloud provider

Security questions that you should ask your cloud provider
In order to evaluate the security approach of a cloud provider, enterprises should ask the following questions of their cloud providers:

Network security:
• Do you provide dedicated physical or virtual LANs to your clients?
• How does your data centre architecture contribute to client security?
• Are clients able to define their own authorisation and access control lists?
• How can clients ensure that their networks are secure?

Secure user access:
• How do you provide secure access (SSL-based VPNs) to your clients?
• How do you provide account-based security?
• Do you support role-based access controls?
• Do you support the addition and removal of ACL firewall rules directly in addition to host-level security?
• How do you monitor and report on usage and activities for audit purposes?

Compliance:
• What compliance certifications does your company hold, and how often do you undertake a compliance audit?
• Do you permit clients to audit your security controls?
• How do you address requests for location-specific storage to abide by data sovereignty requirements?
• Can a client’s data be prevented from being moved to a non-compliant location?

Virtual machine security:
• What protocols do you use to secure applications running on a virtual machine?
• How do you secure virtual machines in your cloud?
• How do you isolate one or a logical group of virtual machines from one other?
• Do clients have visibility into their virtual machines and servers running in their cloud and, if so, what monitoring tools do you provide?

沒有留言:

張貼留言