Five Tips for Effective Cloud Security
1. Find out as much as you can about a software-as-a-service provider's security measures and infrastructure. MY COMMENT - I could not agree more; know who you are working with. I tell you this based on my own, real world experience.
2. Encrypt data at rest and in transit. MY COMMENT - Amen, brother! Encrypt, encrypt, encrypt! That is what I believe and that is what every security presenter at Microsoft's TechEd 2010 event told their audiences.
3. Divvy up responsibilities between your administrators and the service provider's administrators. MY COMMENT - This might not always be possible, especially if your firm is a small company.
4. Check whether a vendor has been accredited as meeting SAS 70 Type 2 and ISO 27001 security standards. MY COMMENT - These accreditation can be expensive to acquire, so smaller SaaS vendors might not be able to afford such a luxury. SAS and ISO are what you call "check box" security.
5. Go with a high-end service provider with an established security record. MY COMMENT - If you can afford a Mercedez, you'll buy the Mercedez every time. If you can only buy a Honda, buy the Honda because you need that car to drive to work.
Courtesy of Computer World.