imageteam - Fotolia
Finding the right public cloud provider is no picnic. You need to know your requirements and ask the right questions to make an informed decision.
First, data and workloads are always commingled across the provider's infrastructure. Providers can ensure data resides on specific servers or in certain data centers, but that goes against the premise of cloud computing -- and will cost a premium. Second, cloud providers are critical business partners and a level of trust is essential. If you don't trust your provider to meet service-level agreements (SLAs) or cannot tolerate the risks, look to another cloud provider or re-evaluate your cloud needs.
There are reasons to be confident about data separation when you select a cloud provider. To start, look for cloud providers familiar with your industry. Amazon Web Services touts compliance with U.S. Department of Defense (DoD) Level 3-5 authorization for sensitive workloads. That's important for government cloud users. Be sure the cloud provider understands your vertical market's needs and regulations. If you're a healthcare or retail organization and a prospective cloud provider doesn't meet HIPAA or PCI DSS regulations, move on.
Read every line of your cloud SLA and make sure you understand it. SLAs naturally benefit providers, so look for written discussions of data separation or geolocation commitments. That's your foundation for legal action after a breach. If the SLA doesn't guarantee geolocation limits on workloads and data storage, the provider is not obligated to comply. Additionally, don't get stuck with a provider that won't commit to geographic data separation in writing. Remember, SLAs change periodically, so watch for revisions that undermine data separation guarantees.
Look for transparency and auditing support. Is the public cloud provider open about government data requests, unauthorized access attempts, attack incidents and other issues? Unfortunately for users, many cloud providers do not reveal such information. To ensure regulatory compliance, the provider should be able to audit activity on your workloads and data stores. If not, then it's on to the next prospective provider.
Finally, consider the strength of the provider's access security. Organizations with sensitive data can receive additional security with multifactor authentication techniques beyond simple usernames and passwords -- including token-based authentication that uses USB dongles or physical credit cards. Strong authentication boosts virtual data separation security.
Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group. He can be reached at firstname.lastname@example.org.
Where are the top cloud providers of 2012 now?
Mission-critical apps need strong SLA in public cloud
Having a public cloud provider backup plan for hybrid cloud
Dig Deeper on Azure, Google and other public cloud providers
Related Q&A from Stephen J. Bigelow
Containers have rapidly come into focus as a popular option for deploying applications, but they have limitations and are fundamentally different ... Continue Reading
Senior technology editor Stephen Bigelow breaks down how AWS Storage Gateway can trip up users' hybrid cloud strategies. Beware these issues with ... Continue Reading
There is a small list of enterprise-class deployments and integrations known to run on VMware Cloud on AWS, but not all complex workloads are suited ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.