Security and data protection are key concerns for any cloud solution. I truly believe that this is also one aspect that you cannot just improve over time. No matter how agile you are security needs to be there by design.

Unfortunately most cloud vendors/SaaS-providers still don’t tell enough about the way they protect customer data – which we know is a bad idea.

From that perspective you might find this case study which Microsoft has just posted worth reading: Systems Manager Offers Security-Enhanced, Hosted Solutions with Programming Framework. The case study lists some of the technologies used in Quest OnDemand – Quest Software’s Systems Management as a Service product family.

There’s more to security than just encrypting internet traffic. The case study discusses how latest technology such as Windows Identity Foundation and Active Directory Federation Services 2.0 helped us make sure that customers are always in control of their data, which includes not just protecting data from those who should not have access (including Quest’s own engineers!) to it but also a convenient and secure way to delegate access to those who should.

I hope this helps you get a good overview to one of the approaches to cloud security. Read the case study here.