Cloud computing has become popular because the enterprise is constantly looking to cut costs from outsourcing of software, as a service (as a service) to third parties, thereby allowing them to focus on their main business activities. . With cloud computing, ventures save on setting up their own IT infrastructure, which would otherwise be expensive as initial investment on hardware and software as well as continuous maintenance and human resources costs.
According to Gartner’s report on Cloud Security , enterprises require new skill sets and face the challenges of cloud protection. Enterprises need to see that their cloud service provider has “most ticking” and they need to address their security concerns. Being a new area of IT with no specific standards for cloud computing security or data privacy, Cloud Security continues to present managers with many challenges. Your provider needs to be able to address some of the following issues:
Access Control / User Authentication: How is Access Control Managed by Your Cloud Service Provider? To be more specific, do you have the option to access the role of resources in the cloud? How is password management process controlled? How is your organization’s information security policy compared to access control?
Regulatory Compliance: How do you integrate regulatory compliance issues with data in a completely different country or place? How about data logs, events and monitoring options for your data; Does the provider allow for audit trails that can be a regulatory requirement for your organization?
Legal issue: Who is responsible for the data violation? The legal framework of the country in which your cloud provider is based, Vi is your own country? Which contracts you have signed and in case of legal disputes, what issues have you covered / discussed with the provider? How is the data organized about local law and jurisdiction? Are you aware of the conflicting rules on data and privacy? Have you asked all the right questions from your provider?
Data protection: Is your data safe in the cloud? How to get on-the-cloud and on-the-go about man-in-the-middle attacks and trojan problems What are the encryption options provided by the provider? Another important question is to ask; Who is responsible for the encryption / decryption key? . Apart from this, you will find that cloud providers work with many other third parties, who may have access to your data. Do you have all these concerns addressed by your provider?
Data Separation / Isolation: Your provider can host your data with many other clients (multi-tenancy). Have you been assured that it is different from the data from other clients of the data provider has gone? According to Gartner’s report, a good practice to find out “what is done to isolate the data to rest”, 
Business continuity: What is the acceptable cloud service over time, which you have agreed with your provider? Do these downtime compare to your organization’s acceptable time policy? Is there any penalties for downtime, which can cause a commercial loss? What are the steps taken by your provider to ensure continuity of business and the availability of your data / services, which are hosted on their cloud infrastructure in case of disaster? Does your provider have the option to replicate data on multiple sites? How easy is it to restore data when a requirement arises?
Cloud service providers have enhanced their efforts in addressing some of the most pressing issues with cloud security. In response to the cloud security challenges, an umbrella non-profit organization called Cloud Security Alliance was formed, some of which include: Microsoft, Google, Verizon, Intel, McAfee, Amazon, Dell, HP.
As more and more organizations go to the cloud for communication services for web-based applications, storage and mission-critical processes, it is necessary to ensure that cloud security problems are addressed.
Article Source: http://EzineArticles.com/6782893