Cloud Computing's Top Security Risk: How One Company Got Burned

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

Expectations between customers and vendors are so ill-defined in cloud computing that it's often not clear who is responsible for security or what the penalties are for failure. Here's the story of one company that got burned.

Virtualization and cloud computing haven't eroded the online security of most companies, analysts say. But they may be contributing to situations in which IT-service customers leave themselves vulnerable to attack because they assume their cloud provider is taking care of security.

"Security and cloud hosting are two separate things, but the cost of entry is so low, and often so simple, that customers may not do as much due diligence as they should to find out who's responsible for security," says Ezra Gottheil, an analyst who covers server issues for Technology Business Research.

Placement of responsibility for security in cloud computing arrangements is so ill-defined that Gartner felt it was necessary to list access to information about how a cloud service works and a service level agreement spelling out customer expectations and requirements in a report released this week.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
Insider Resume Makeover: How (and When) to Break the Rules
Join the discussion
Be the first to comment on this article. Our Commenting Policies