With total market capital up in the billions of dollars, it’s a no-brainer that companies want to participate in the exponential growth of cloud computing.
Highlights for cloud computing include:
- Access is convenient – most people have Internet access nowadays, this is not to say that some don’t have access but the Internet is widely available via one mean or another
- Faster deployment – online instances reduce time constraints for planning and execution of on-premises implementations
- Scalability – as needs grow, so do the resources allocated for your instance(s)
It’s all there and ready for your partaking. Be it with Amazon, Google, Microsoft or what-have-you, services are readily available to be rendered. While looking for the best rates seems to be a top priority, which is understandable, another factor to take into consideration is the security of the providers. Being security-aware is imperative in ensuring that your data and business processes are well maintained.
Keep the following questions in mind while you consider cloud providers:
- What security does the provider offer, and what needs to be brought to the table by your company? Participants of Information Security Community on LinkedIn, a 400k membership group composed of cyber experts, stated that the top challenges in the cloud are data loss and leakage at 67% recognition, threats to data privacy at 61%, and breaches of confidentiality at 53%. These can be attributed to the lack of training of personnel and outdated security tools. 16% reported that the provided tools are not sufficient and 84% stated that the tools themselves simply don’t work or have very limited functionality. Of the biggest perceived threats, misconfiguration is the highest concern, followed by unauthorized access and improper access controls, then insecure interfaces or APIs. Ensure the proper training of staff, proper configuration and integration of provided tools or even 3rd party options, and expect the numbers to lower for your given scenario. Be sure to get some type of transparency from the provider in terms of what security services they offer and how they implement it. They might not give you the full detail but unless they give you something, you’re only going off trust at that point. Take it for what you will.
- What security and privacy standards does the provider adhere to? With the upcoming General Data Protection Regulation (GDPR) requirements taking effect in May 2018, if your company deals with a customer-base in the EU market, this is huge. Penalties can vary from 4% of worldwide revenue or 20 million Euros, whichever is higher. Cloud providers have servers spanning the globe. Storing data with them does not guarantee you’ll get the server closest to you and nowhere else, it may even be abroad in other countries. Albeit some providers offer different availability zones that allow data to be stored in a certain area; ask them about these options. Implement a layered secured model to ensure that various aspects are covered in the event of an issue; all hardware and software is prone to undisclosed vulnerabilities.
- Business continuity plans are vital to both your own company, as well as a cloud provider’s offered services. What is their plan to protect your continuity? For on-premise business continuity, having a failover is important to keep things moving forward in the event of a disaster. Hot or cold backup sites are available on the market and if staying up is critical, then locking down a solid continuity plan should be a big focus. Have various backups of data in different places for accessibility should the main go-to location go down. Should you utilize a cloud provider, you expect them to take care of that on their part. Ask them about their plan in the event of an outage at a site — how would that effect your company? What is an estimated time of recovery? Do they ensure backups of your data or does that fall on you? Even if the provider offers backups, professional recommendations are to have your own backups as well. Read more about a displeasing incident with a hosting company here.
- How secure are they? Regardless how big they might be, they are still targets of hackers who may try to penetrate their defenses. When data is in transit between local devices and the cloud, user tokens come into play to prevent the need for continual login for updating and syncing data. Besieged by data breaches, denial-of-service attacks, and account hijacking, or falling prey to man-in-the-cloud attacks, know how they will ensure the flow of work runs smoothly.
In summary, security and continuity should always be paramount regardless if conducting business on-premise or in the cloud. Proper planning and research will ensure that the provider of your choice offers the security required to protect your data and business, adhere to security and privacy standards set forth by various entities, ensure disasters won’t impede your business workflow, and that they are secure enough to do business with moving forward. – Emil Hozan
References
Lawton, S. (March 30, 2018). 5 Question to ask cloud services providers about security. Retrieved from https://www.scmagazine.com/5-questions-to-ask-cloud-services-providers-about-security/article/754917/
Ma, J. (December 14, 2015). Top 10 Security Concerns for Cloud-Based Services. Retrieved from https://www.incapsula.com/blog/top-10-cloud-security-concerns.html
Seals, T. (March 27, 2018). Cloud Security Concerns Surge. Retrieved from https://www.infosecurity-magazine.com/news/cloud-security-concerns-surge/
Wrinkler, V. J. R. (November 2011). Cloud Computing: Cloud Security Concerns. Retrieved from https://technet.microsoft.com/en-us/library/hh536219.aspx
Wycislik-Wilson, M. (March 6, 2018). 123 Reg backup cockup wipes out users’ websites since August last year. Retrieved from https://betanews.com/2018/03/06/123-reg-backup-cockup/