Intel Guidance on Vendor Selection
Choosing a cloud security provider is complicated on many levels. The cloud delivery model you choose dictates what type of solution vendor or cloud services provider you will engage. Even with that decision made, the vendor landscape is characterized by countless interdependencies and relationships, both technological and business related, among vendors. And some companies offer not only software, but also hardware and services. Whether you are implementing a private cloud on- or off-premises or a hybrid model that includes access to public cloud services, security must be a strong component of your solution. You need to evaluate how security is built into your cloud solution and what security measures are provided to protect data, platform, and access to the cloud. General considerations related to security include: • What is the cloud architecture? • Does the solution enable you to meet industry or regulatory compliance requirements? • Does the solution deploy hardware-based security to support trusted server pools? • How are systems, data, networks, management, and provisioning segmented? • What type of attack monitoring and reporting is available? • What is the company’s long-term strategy for the product you are evaluating? • Is the vendor financially stable? In addition, considerations for hosted or managed cloud solutions should also include: • What are the provider’s data center risk management and security practices? • What auditing capabilities are provided? • How does the provider predict and manage system availability and performance? • How quickly does the provider respond to attacks, and what recovery methods are used? • Are the limits of responsibility for security by the provider clearly defined?
Cloud Security Planning Guide
For more detailed information about choosing the right cloud services provider, and for additional information on planning security in the cloud, see Intel’s Cloud Security Planning Guide. In 2009, Intel IT began moving the Intel enterprise to a private cloud and exploring the use of external cloud services for certain applications. The Cloud Security Planning Guide is the result of our experiences during our ongoing cloud journey, as well as working with cloud providers, virtualization and security solution vendors, OEMs, and large enterprise customers.
Intel IT Center Vendor Round Table | Cloud Security