The NIST report also highlights the need for organizations to pay attention to the architecture employed by the cloud provider, its support for identity and authentication mechanisms, and the controls it has for securing its servers and the data residing on them.
Such issues should be considered and addressed during the planning stages, not after cloud-based applications and data are deployed, Grance said.
Most large cloud computing providers aim to deliver cloud services at commodity prices by taking advantage of economies of scale, Grance said. Consequently, cloud providers typically aren't aware of the security and privacy requirements of individual organizations.
Sometimes, organizations may find that service agreements are not adequate for their needs. In such situations, organizations should negotiate agreements with their cloud providers in much the same way they would with an outsourcing agreement. But such negotiated agreements could make cloud computing less cost-effective, Grance added.
To Continue Reading: Click Here
-------------------------------------------
Source: computerworld.com
By: Jaikumar Vijayan
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment