The move to cloud computing services is a big one for most IT organizations. But nowhere is the change more profound than in security, where the use of cloud services introduces a whole new array of questions and concerns.
While moving even in part to a cloud model is a big change for many reasons, the most significant difference is a loss of direct control. Just as security groups often struggle with managing security inside a corporation when in a governance role, we struggle even more with governing the security of assets that no longer sit within our own data center. The challenge is to develop and implement a strong governance model for these cloud offerings that ensures that security is part of the conversation.
The type and size of provider you’re dealing with can make a big difference in terms of how robust its security program is, the types of controls it has in place, and the amount of leeway you will have in contracts.
Read the rest of this article on Dark Reading