Security for Cloud Computing: 10 Steps to Ensure Success Version 2.0

CSCC Security for Cloud Computing 10 Steps to Ensure Success

This deliverable written by the CSCC contains best practices for cloud computing security.

Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing.

The aim of this guide is to provide a practical reference to help enterprise information technology (IT) and business decision makers analyze the security implications of cloud computing on their business. The guide includes a list of steps, along with guidance and strategies, designed to help decision makers evaluate and compare security offerings from different cloud providers in key areas.

The section titled "Current Cloud Security Landscape" provides an overview of the security and privacy challenges pertinent to cloud computing and points out considerations that organizations should weigh when migrating data, applications, and infrastructure to a cloud computing environment.

The section titled "Cloud Security Guidance" is the heart of the guide and includes the steps that can be used as a basis for evaluation of cloud provider security. It discusses the threats, technology risks, and safeguards for cloud computing environments, and provides the insight needed to make informed IT decisions on their treatment.

The section titled "Cloud Security Assessment" provides customers with an efficient method of assessing the security capabilities of cloud providers and assessing their individual risk. A questionnaire for customers to conduct their own assessment across each of the critical security domains is provided.