Is Your Cloud Computing Vendor Secure?
Cloud companies pay accounting firms for SAS 70 certifications just as the financial organizations paid Moodys for an investment-grade rating. Can that really be safe?
As the debate over security in the cloud continues, it's tough to know whether a cloud computing vendor's claims about security are sound. Can you trust them with highly sensitive data and business critical processes? Your entire business may rest on your ability to evaluate their level of security.
In "How Cloud Computing Security Resembles the Financial Meltdown," at our sister site, Datamation, James Maguire asks the question, "When vendors make claims about their nearly absolute level of safety, should you just...take their word for it?"
In his answer, Maguire examines the SAS 70 certification, a set of auditing standards used to measure the handling of sensitive information. Created by the American Institute of Certified Public Accountants, SAS 70 was around before cloud computing, and has been shoehorned into use by vendors seeking an impartial third party credential to reassure nervous cloud customers.
But, as Maguire points out, the system bears some unsettling similarities to the circumstances that led to our nation's recent financial meltdown.
To find out more, read the full story at Datamation.
By Lisa Phifer
April 26, 2010
InfoSec practitioners gather in Orlando to better defend against emerging privacy, Web 2.0, and Internet security threats.