Although cloud computing is becoming a household phrase, uptake of this radical new paradigm is to some extent being restricted by security-related concerns. Enterprises especially are reluctant to rely on a solution they don’t fully understand, and one which just might pose security risks.
Regardless of how secure providers profess their systems and solutions to be, the fact is that high profile outages and security issues have dented confidence in cloud-based options, and cloud customers need an insight into the potential difficulties inherent in the cloud. Some basic strategies can though help safeguard companies against possible threats. Here are some ideas on knowing your provider and keeping your cloud-based data secure.
Trusting your provider is key, and key to trusting your provider is trust in the companies your cloud provider trusts. It is all very well doing a background check on a provider, but unless the same background check is done on the third-party providers that underpin a cloud provider’s service, then you really do not know exactly the nature of companies that just might have access to your sensitive data. In particular, establish whether there is a hosting company behind your provider’s cloud, and ensure they have been independently vetted for security.
If your cloud provider’s basic performance is problematic, they are probably going to have security issues – if they can’t manage a basic cloud service, how much effort are they putting into keeping their cloud secure? Look at a provider’s reliability records. If there are holes, probably best to move on to another provider.
Basic Security Procedures
Beyond checking your provider, some of the basic procedures that companies employed with their more traditional hosting and IT solutions also pay dividends as far as cloud security is concerned. How companies assign passwords, and who to, is just as important in the cloud as it was when you had your own servers.
It is great to have the latest and greatest software, but if your cloud provider is going to make changes without informing you, chances are this is going to impact your security settings. And that means the potential for security threats. Establish how your provider will manage updates and get assurances that changes won’t impact security.
Where is the Data?
Unless you know exactly where your data is going to be stored, you have no idea which data laws will apply as far as your data is concerned. Will the US Patriot Act mean the US government will be able to access your data? Or will it be located in the UK and under the jurisdiction of multiple European countries? Find out before you lose out!
So, as you can see, background checks are good - applying the same checks to your provider’s providers even better. Make sure that your provider can manage his/her business effectively, if not, security is probably way down his/her list of priorities. As far as the cloud is concerned, apply the same approach to security as you applied to your server – just who has your passwords anyway? Make sure that a provider’s updates aren’t going to leave you widen open to a range of threats, and most of all, ensure you know where your data is and who might be snooping on you! If you do all of the above, your visit to the cloud could be a pleasant one.