The answer to this question can be found in the old Russian maxim, which was often quoted by President Ronald Regan: trust but verify.
Cloud services are outside the direct control of the customer organization; this means that a governance based approach is needed. This approach allows trust in the CSP to be assured through a combination of internal processes, standards and independent assessments.
In this podcast recorded at RSA Conference Europe 2012, Mike Small, an analyst at Kuppinger Cole and member of ISACA, offers his top ten tips for assuring cloud services.
Press the play button below to listen to the podcast:
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.