Finding the right public cloud provider is no picnic. You need to know your requirements and ask the right questions...
to make an informed decision.
First, data and workloads are always commingled across the provider's infrastructure. Providers can ensure data resides on specific servers or in certain data centers, but that goes against the premise of cloud computing -- and will cost a premium. Second, cloud providers are critical business partners and a level of trust is essential. If you don't trust your provider to meet service-level agreements (SLAs) or cannot tolerate the risks, look to another cloud provider or re-evaluate your cloud needs.
There are reasons to be confident about data separation when you select a cloud provider. To start, look for cloud providers familiar with your industry. Amazon Web Services touts compliance with U.S. Department of Defense (DoD) Level 3-5 authorization for sensitive workloads. That's important for government cloud users. Be sure the cloud provider understands your vertical market's needs and regulations. If you're a healthcare or retail organization and a prospective cloud provider doesn't meet HIPAA or PCI DSS regulations, move on.
Read every line of your cloud SLA and make sure you understand it. SLAs naturally benefit providers, so look for written discussions of data separation or geolocation commitments. That's your foundation for legal action after a breach. If the SLA doesn't guarantee geolocation limits on workloads and data storage, the provider is not obligated to comply. Additionally, don't get stuck with a provider that won't commit to geographic data separation in writing. Remember, SLAs change periodically, so watch for revisions that undermine data separation guarantees.
Look for transparency and auditing support. Is the public cloud provider open about government data requests, unauthorized access attempts, attack incidents and other issues? Unfortunately for users, many cloud providers do not reveal such information. To ensure regulatory compliance, the provider should be able to audit activity on your workloads and data stores. If not, then it's on to the next prospective provider.
Finally, consider the strength of the provider's access security. Organizations with sensitive data can receive additional security with multifactor authentication techniques beyond simple usernames and passwords -- including token-based authentication that uses USB dongles or physical credit cards. Strong authentication boosts virtual data separation security.
Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group. He can be reached at firstname.lastname@example.org.
Where are the top cloud providers of 2012 now?
Mission-critical apps need strong SLA in public cloud
Having a public cloud provider backup plan for hybrid cloud
Dig Deeper on Public cloud providers
Related Q&A from Stephen J. Bigelow
Before a company can take advantage of information rights management on the Exchange 2016 platform, administrators must ensure the server setup meets... Continue Reading
The information rights management feature in Exchange prevents unauthorized parties from viewing sensitive content. Admins can tailor the settings to... Continue Reading
Don't neglect form factor as part of your data center server selection. Instead, figure out what type of environment you need and learn what server ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.