imageteam - Fotolia
Finding the right public cloud provider is no picnic. You need to know your requirements and ask the right questions to make an informed decision.
First, data and workloads are always commingled across the provider's infrastructure. Providers can ensure data resides on specific servers or in certain data centers, but that goes against the premise of cloud computing -- and will cost a premium. Second, cloud providers are critical business partners and a level of trust is essential. If you don't trust your provider to meet service-level agreements (SLAs) or cannot tolerate the risks, look to another cloud provider or re-evaluate your cloud needs.
There are reasons to be confident about data separation when you select a cloud provider. To start, look for cloud providers familiar with your industry. Amazon Web Services touts compliance with U.S. Department of Defense (DoD) Level 3-5 authorization for sensitive workloads. That's important for government cloud users. Be sure the cloud provider understands your vertical market's needs and regulations. If you're a healthcare or retail organization and a prospective cloud provider doesn't meet HIPAA or PCI DSS regulations, move on.
Read every line of your cloud SLA and make sure you understand it. SLAs naturally benefit providers, so look for written discussions of data separation or geolocation commitments. That's your foundation for legal action after a breach. If the SLA doesn't guarantee geolocation limits on workloads and data storage, the provider is not obligated to comply. Additionally, don't get stuck with a provider that won't commit to geographic data separation in writing. Remember, SLAs change periodically, so watch for revisions that undermine data separation guarantees.
Look for transparency and auditing support. Is the public cloud provider open about government data requests, unauthorized access attempts, attack incidents and other issues? Unfortunately for users, many cloud providers do not reveal such information. To ensure regulatory compliance, the provider should be able to audit activity on your workloads and data stores. If not, then it's on to the next prospective provider.
Finally, consider the strength of the provider's access security. Organizations with sensitive data can receive additional security with multifactor authentication techniques beyond simple usernames and passwords -- including token-based authentication that uses USB dongles or physical credit cards. Strong authentication boosts virtual data separation security.
Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group. He can be reached at firstname.lastname@example.org.
Where are the top cloud providers of 2012 now?
Mission-critical apps need strong SLA in public cloud
Having a public cloud provider backup plan for hybrid cloud
Dig Deeper on Public cloud providers
Related Q&A from Stephen J. Bigelow
Though the Open19 initiative and Open Compute Project seem to have a similar goal, they do differ in type of support, hardware requirements and ... Continue Reading
A do-it-yourself approach with hyper-converged infrastructure can lead to trouble when software-defined features just won't work. See how the WSSD ... Continue Reading
With the right tools and resources, VM backup and recovery can be easier. Consider factors such as product compatibility and future business needs ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.