Security has been vastly improved in cloud based services, but Gartner research vice president Jay Heiser said in an online presentation to his firm's clients that the highest level of security in the cloud is not here yet and may take a long, hard climb to get there. Businesses and government organizations still hold back from putting their sensitive data in the cloud and likely will continue to harbor concerns stronger controls are in place.

In the "Prepare for and Minimize the Security Risk of Cloud Computing" presentation, he said finance departments and companies are more conservative about the cloud than smaller businesses, but the issue that may most influence opinions is the transparency of the cloud provider. Businesses can find providers who will tell them just what is required and what best practices are, but others have been reluctant to provide clear details regarding their services. In fact, Gartner found most customers are disappointed with the service level agreements and how they handle cloud security.

Cloud standardization still has a long way to go as well, Heiser said, as the impact of FedRAMP and CSA rules re still years off, even though the security measures these standards try to instill are worthwhile. Until things do safer in cloud based services security, Heiser said companies and government entities making way into the cloud need to evaluate their security options and potential platforms as best as they can by asking questions and being critical of cloud provider. It will also be important to evaluate the type of data being migrated and identify where it will reside once hosted in the cloud.

Critical best practices for cloud security
Although an option that will completely lock down security in cloud computing services may not be here yet, Net-Security said there are some best practices that companies can follow, including inspection of the network via security software, logical separation of data, network security techniques and physical security.

"Facilities should be hardened with climate control, fire prevention and suppression systems, and uninterruptible power supplies, and have round-the-clock onsite security personnel," the website said. "Look for a provider that offers biometric capabilities, such as fingerprints or facial recognition, for physical access control, and video cameras for facility monitoring."