There are many options when trying to assess the security posture of your application and its hosting environment. Some choose to start from the top of the stack down and look at the application directly, while others might look at the supporting infrastructure first, including the network itself, the firewall rules, running services, and web server configurations. Regardless of the approach, enterprises must protect the integrity of their application and data by proactively identifying potential attack vectors or vulnerabilities. Certain regulation and standards even require periodic vulnerability assessments.
One of the common questions we hear from customers who are moving to the cloud is about security. Many times customers believe that security is something they have to take on by themselves or something that is automatically taken care of by a cloud provider.
This is the third in a series of posts that will drill deeper into cloud security and some of the key questions it sparks. In the second installment, I highlighted the spheres of responsibility and looked at which security components are Rackspace’s responsibility, and which are the customer’s. In this installment, I will discuss the physical security measures Rackspace has in place to protect its cloud customers’ data.