imageteam - Fotolia

Manage Learn to apply best practices and optimize your operations.

How do I know my public cloud provider keeps data separate?

The public cloud comes with risks, so it's imperative to trust a cloud provider. What should you look for to ensure your provider meets your needs and expectations?

Finding the right public cloud provider is no picnic. You need to know your requirements and ask the right questions to make an informed decision.

First, data and workloads are always commingled across the provider's infrastructure. Providers can ensure data resides on specific servers or in certain data centers, but that goes against the premise of cloud computing -- and will cost a premium. Second, cloud providers are critical business partners and a level of trust is essential. If you don't trust your provider to meet service-level agreements (SLAs) or cannot tolerate the risks, look to another cloud provider or re-evaluate your cloud needs.

There are reasons to be confident about data separation when you select a cloud provider. To start, look for cloud providers familiar with your industry. Amazon Web Services touts compliance with U.S. Department of Defense (DoD) Level 3-5 authorization for sensitive workloads. That's important for government cloud users. Be sure the cloud provider understands your vertical market's needs and regulations. If you're a healthcare or retail organization and a prospective cloud provider doesn't meet HIPAA or PCI DSS regulations, move on.

Read every line of your cloud SLA and make sure you understand it. SLAs naturally benefit providers, so look for written discussions of data separation or geolocation commitments. That's your foundation for legal action after a breach. If the SLA doesn't guarantee geolocation limits on workloads and data storage, the provider is not obligated to comply. Additionally, don't get stuck with a provider that won't commit to geographic data separation in writing. Remember, SLAs change periodically, so watch for revisions that undermine data separation guarantees.

Look for transparency and auditing support. Is the public cloud provider open about government data requests, unauthorized access attempts, attack incidents and other issues? Unfortunately for users, many cloud providers do not reveal such information. To ensure regulatory compliance, the provider should be able to audit activity on your workloads and data stores. If not, then it's on to the next prospective provider.

Finally, consider the strength of the provider's access security. Organizations with sensitive data can receive additional security with multifactor authentication techniques beyond simple usernames and passwords -- including token-based authentication that uses USB dongles or physical credit cards. Strong authentication boosts virtual data separation security.

Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group. He can be reached at

Next Steps

Where are the top cloud providers of 2012 now?

Mission-critical apps need strong SLA in public cloud

Having a public cloud provider backup plan for hybrid cloud

Dig Deeper on Azure, Google and other public cloud providers

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.