Q

How transparent should a provider be with its cloud security policy?

Cloud security policy should make procedures clear without revealing all the technology at work, says cloud expert Mooney Sherman.

In terms of cloud security policy, where should we draw the line with transparency? How much should we divulge?

The policies, procedures, standards and controls should be clear, but you don't need to divulge the actual technologies used. How you report adherence to these policies needs to be thorough, however. A good cloud security policy should give customers access to historical data on performance, outages and the nature of breaches, as well as the remediation actions, if any, the provider has taken to mitigate or prevent similar problems in the future. You should also divulge the hiring practices of personnel and what background checks are conducted. For example, customers will want to know: Are background checks only conducted during the hiring process, or are they also conducted regularly during employment? Are the employees required to sign a non-disclosure agreement during and after the employment?

This was first published in January 2013

Dig deeper on Cloud Security Issues and Cloud Security Services

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchITChannel

MicroscopeUK

SearchTelecom

SearchAWS

SearchCloudStorage

SearchCloudComputing

SearchCloudSecurity

SearchCloudApplications

Close