By Mae Kowalke 

The acronym CIA is probably associated most commonly with the U.S. Central Intelligence Agency. But, in the realm of security for cloud services, CIA stands for Confidentiality, Integrity and Availability. These lie at the core of how to most securely store and transport data in cloud.

To gain trust from enterprise customers, cloud service providers must prove they are qualified to address customer concerns. Opportunities abound if they are able to prove that, because cloud services have many advantages for enterprises.

“Enterprises want transparent solutions that protect their data while making it accessible,” said Alcatel-Lucent’s Serge Tapia, head of security compliance, and Arnaude Fillette, security solution architect, in an Enriching Communications article, “Where’s My Data? Securing the Cloud.”

That nicely sums up the advantages of enterprise cloud services: transparency, accessibility, and security. Tying these things together requires strong governance guided by best practices.

In the EC article, Tapia and Fillette explored four keys to successful cloud security.

1. Data protection and integration

In this area, the trick is recognizing that all enterprises are not the same even when it comes to things like protecting confidential data. Data classification lies at the root of the challenge.

“It is imperative that data classification be aligned with the customer expectations,” Tapia and Fillette stressed.

Data location requirements also vary from one enterprise to another. There’s no one-size-fits-all solution.

2. Compliance

Because cloud computing is so new, there are not yet established global standards for security. Until that changes, successful providers will keep pace with developing standards, contribute their own expertise to the specifications being created, and apply best practices learned so far within the industry. 

“Adherence to recognized industry standards can help facilitate customer discussions and certification processes,” Tapia and Fillette noted.

3. Regulatory and legal requirements

Although worldwide standards for cloud security are still in the works, enterprises still have to follow established rules for security data. Many enterprises use the Evaluation Assurance Level (EAL) system to gauge their security level, and cloud providers can leverage this tool as well. 

“Security consulting services can also help providers address regulatory or legal requirements,” said Tapia and Fillette. “It is particularly important that security consultants be involved in the initial stages of the cloud project.”

4. Protection against targeted attacks

While direct security attacks tend to be of most concern for high-profile enterprises, other types of threats – such as employee corruption – are a universal threat. As with any other type of computer system, technology combined with human screening tactics are needed to protect data in the cloud.

“Security consulting and threat analysis can help cloud providers ensure that appropriate security solutions and operational tools are in place to help customers detect targeted attacks,” Tapia and Fillette suggested.

It’s clear that cloud security requires ingenuity, flexibility, and customization.

“Cloud providers can deliver superior security and win more business by working directly with customers to develop relevant, security-focused service level agreements (SLAs),” Tapia and Fillette concluded. “They can also leverage highly secured cloud infrastructures to propose new security services to customers who cannot afford to develop secure services internally.”