Information security issues need to be addressed by both the users and the providers of cloud computing.
It is important for users of cloud computing to recognize that information security responsibilities do not disappear within a cloud computing model. The primary responsibility for information security remains with the owner of the information, not with the service provider. This responsibility includes ensuring that all security requirements are satisfied in their implementation of the cloud computing model, even where services are out-sourced to an external provider. General security concerns include the following.
Providers of cloud computing services recognize that their ability to compete in the highly competitive cloud computing marketplace is influenced by the perceived security of their services. They address this in their business plan, which typically includes their concept of operation. They recognize that they have a business interest in delivering a secure solution for their customers, including both the technical and operational exposures of their solution.
Technical exposures include the information security vulnerabilities inherent in their service architecture, their systems and other underlying components.
Operational exposures include the information security vulnerabilities inherent in operating the cloud computing provider's solution.