How to evaluate, choose and work securely with cloud service providers

Last updated:August 2014

Essential Guide

Browse Sections

Editor's note

In nature, clouds come in a variety of sizes and shapes, and the same is true in IT. Cloud service providers (CSPs) deliver a variety of cloud computing services, like infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS). The security risks inherent in using a CSP are varied, too. There's the threat of corporate espionage and data theft, but also of information contamination.

Yet the move to the cloud is increasingly inevitable. The way forward, then, is to prepare and choose one’s cloud service provider wisely. Take a proactive approach -- learn about the security risks and how best to minimize them -- before proceeding.

This guide focuses on how to work securely with cloud services providers. It considers the risks, reviews ways to evaluate and choose a CSP, and offers a thorough overview about assistance available from the Cloud Security Alliance. Reading this guide is a vital first step in moving any company information or services to the cloud.

1Cloud provider metrics and controls

Figuring out which CSP is best for your company is difficult but you're not alone: The nonprofit Cloud Security Alliance (CSA) promotes best practices for cloud computing, with a focus on security. It has an education program and also disseminates guidelines to aid both cloud vendors and companies moving to the cloud.

CSA programs like the Cloud Control Matrix and Cloud Trust Protocol provide potential cloud customers parameters by which to judge and compare cloud offerings. Read on to learn how CSA programs can make the tough chore of choosing a CSP a bit easier.