Rather than being an inhibitor to take up of cloud computing, the use of cloud services can actually improve an organisation's security stance. Cloud delivery is suitable for a range of security services from basic ones such as malware protection to more advanced offerings such as security monitoring and application security. However, it is not only the delivery of security services that improves security, but rather the fact that responsibility for many security functions is placed in the hands of a third party that must itself have developed a highly secure infrastructure in line with best practice and good governance objectives. These incorporate a wide range of security controls and the services provider will be able to attest to the quality and security of its services through management reports and audit trails.
This paper discusses the different aspects of security provided in the cloud and provides pointers to the remaining issues regarding cloud computing of which organisations should be aware, providing pointers to best practices to ensure that the services provided are as secure as possible.