I have been working/reviewing a cloud application where data security has been shown as top security concerns for most of the customers. Following are key areas for consideration when planning for security for your cloud applications:
- Internal theft: One of the most crucial security thefts come from unscrupulous employees who can pass/leak data to the competitors. The customers using the cloud applications are suggested to advise their employees on this front.
- Physical access control & monitoring: The physical access to the data center hosting the cloud application should be restricted and monitored at all times.
- Login access control: Only authenticated users should be allowed to login.In addition, the authenticated users should be able to access functions that they are eligible to access.
- Audit Trail: Each authenticated & authorized usage is tracked to find out who logged in, their usage patterns and related data. This also takes care of threat from repudiation.
- Data transport: To secure data which is moving over internet, the data is encrypted and transported over secure socket layers (SSLs).
- Firewall: Strict firewall policies are put in place to restrict only authentic customer’s data to the application.
- Fire & natural calamities: Proper disaster recovery strategies need to be in place for ensuring that customers data is always safe and secure.