Gartner Research has identified seven specific areas of security risk (Assessing the Security Risks of Cloud Computing” http://www.gartner.com/DisplayDocument?id=685308 Gartner, June 3, 2008.) associated with enterprise cloud computing, and recommends that organizations address several key issues when selecting a cloud hosting provider:
1. Access privileges – Cloud service providers should be able to demonstrate
they enforce adequate hiring, oversight and access controls to enforce
2. Regulatory compliance – Enterprises are accountable for their own data even
when it’s in a public cloud, and should ensure their providers are ready and
willing to undergo audits.
3. Data provenance – When selecting a provider, ask where their datacenters are
located and if they can commit to specific privacy requirements.
4. Data segregation – Most public clouds are shared environments, and it
is critical to make sure hosting providers can guarantee complete data
segregation for secure multi-tenancy.
5. Data recovery – Enterprises must make sure their hosting provider has the
ability to do a complete restoration in the event of a disaster.
6. Monitoring and reporting – Monitoring and logging public cloud activity is
hard to do, so enterprises should ask for proof that their hosting providers can
7. Business continuity – Businesses come and go, and enterprises should ask
hard questions about the portability of their data to avoid lock-in or potential
loss if the business fails.