How to protect your cloud data

18.12.2009
The Cloud Security Alliance (CSA) has taken a second run at creating recommendations for businesses to follow in order to better secure cloud services.

The new document aligns CSA's definition of cloud computing with that of the National Institute of Standards and Technology (NIST), which includes on-demand self service, broadband network access, resource pooling, rapid provisioning and scalability, and metered usage.

NIST also divides cloud services into three categories: software-as-a-service (SaaS) (applications supplied by the service provider); platform-as-a-service (tools and programming languages supported by the provider for customers to deploy their own applications); and infrastructure-as-a-service (provider supplies hardware platforms within its network for customer use).

"Security Guidance for Critical Areas of Focus in Cloud Computing V2.1" compresses some of the topics that were considered in the earlier draft, and comes up with more specific recommendations in each of the 13 areas the 76-page document contains.

The document recommends that cloud providers adopt the ISO/IEC 27001 standard for information security management systems. Customers should find out whether their providers are certified and, if not, what their plans are for getting certified. At the least, providers should show that their practices are aligned with those set down by ISO 27002.