I've received a lot of questions lately about security in the Cloud and what CTO's should be considering when they are evaluating it. Here's my advice, treat the Cloud like an extension of your corporate or production network, don't treat it or hold it to a lower standards assuming that your cloud provider knows more than you.
If you have requirements that you can't get in your Cloud solution make sure that not getting those requirements constitutes an acceptable risk or trade-off. In evaluating a Cloud provider here are some critical questions to ask:
1. What is the Authentication and Authorization required for access into the Cloud account?
2. When you're using the Cloud ask yourself the question “where is my data?”
3. What are some of the steps a network admin. should take to secure the Cloud and what are the reasons behind these steps?
It depends on the level of security your company is seeking but it's imperative that the Cloud has a layer of security to protect users and their content being stored. Cloud providers use two-factor authentication to protect data and accounts from being compromised. Read more about two-factor authentication and how it can protect your Cloud users.