SLAs crucial for cloud security

Read time 2min 40sec
Few service providers offer complete data and application security in the cloud, says Dimension Data's Grant Morgan.
Few service providers offer complete data and application security in the cloud, says Dimension Data's Grant Morgan.

Security is still the top concern of companies looking to migrate to the cloud. The good news is that this challenge is not insurmountable - with the right approach and the right service level agreements (SLAs).

So says Grant Morgan, GM for cloud at Dimension Data Middle East and Africa, who adds: "We are now starting to see real adoption happening on our cloud platforms, but the major concerns for customers are the security of data, the legislative implications of hosting data in foreign countries, the risks when applications are in the cloud, and what types of data should be stored in the cloud."

Morgan notes that chief accountability for data security will always rest with the enterprise itself. However, careful selection of the cloud service provider and the SLAs in place can help to mitigate any risks.

Morgan says there are tens of thousands of cloud service providers springing up, but only 20 or fewer can be regarded as global players, and only five are in Gartner's leaders' quadrant. Selecting a reputable partner already takes a company a long way towards ensuring data and application security in the cloud.

But, he notes, few - if any - service providers will accept unlimited liability for customers' data. The ultimate responsibility for governance, risk and compliance management rests with the enterprise. That said, many enterprises have successfully migrated critical data and applications to the cloud, he says.

"You need to look before you leap. There are few service providers who can do it properly."

Morgan says enterprises should assess what the cloud solution was built for - ask: is it for test and development only, or can we put production workloads in the cloud?

"There are quite a few other issues to consider - from what security standards and certifications the service provider complies with, to the entry and exit mechanisms, network transport, how you will manage and delegate ability for securing and administering the platform, and the various ways to protect connectivity to the platform," he says.

Among the SLA considerations that should be scrutinised are:

* Availability guarantees
* What local telephonic and onsite support is available
* Tailoring and customisation - the service provider's flexibility and SLAs on requirements that are out of the ordinary
* The performance parameters relating to latency and bandwidth
* Monitoring and information feedback on performance
* The client's ability to self-configure firewall parameters
* Data retention and backup guarantees
* Disaster recovery provisions
* What liability the service provider will take if data is lost
* What the service provider can secure and what it can guarantee

Morgan will address the upcoming ITWeb Cloud Computing Summit on the issue of cloud computing security and SLAs. For more information about this event, click here.

See also