Go to School on Cloud Security

IT solution providers need to do their homework – especially when it comes to security – if they plan to do business in the cloud computing market.

“You need to educate yourselves on what your cloud provider is including or not including in a service level agreement,” advised Wendy Frank, president, Accell Security Inc. “Customers are going to rely on you. You need to understand what’s included and what happens if something goes wrong.”

Frank spoke today at a meeting of the CompTIA Cloud / SaaS Community. The gathering is part of the CompTIA Annual Member Meeting, which continues through Thursday.

The cloud computing environment “can be fertile ground for an attack,” according Frank. Risks can be uncontrolled and unforeseen. “The security landscape is terrible and it’s getting worse, not better.”

Good security starts by working with customers to implement strong security measures at the end-user level. This should include policies and procedures, regulatory and compliance requirements, continuous monitoring and training for everyone.

On the other side of the equation, IT solution providers need to learn as much as they can about the cloud service providers they’re doing business with. Encryption practices, authentication and data disposal are just a few of the many areas that need to be addressed, she said.

“What are your rights and your end-client rights in the event of a security breach?” Frank said. “If this is not negotiated and figured out ahead of time, it can be very expensive and very difficult to address after a breach has occurred.”

“It’s all about risk, what you can do to minimize the risk and what level of risk you and your client are willing to accept,” Frank concluded.

 

CompTIA Cloud Community 2.0

Also during Tuesday’s session, Community Chairman John Rice challenged the group to help shape the future of the CompTIA Cloud / SaaS Community, Version 2.0.

 

“What can this group do to change the business that will leave an impact on the industry?” asked Rice, senior director, partner community, Intermedia.

 

Meeting attendees engaged in a spirited discussion on the vision and future agenda for the community. Areas within the cloud computing market that require additional definition and education include virtual desktops; mobile device management; unified communications; partnerships, privacy and security; business process improvements and managing customer expectations.

 

The group also agreed to further explore whether there is a need and a value to creating a cloud computing business credential or trustmark for vendors, solutions providers or cloud service providers.