With desirable benefits such as on-demand capacity, scalability, and flexibility, the cloud is essentially the ideal platform to support businesses and the only way forward is expansion. There’s such a range of advantages that cover everything from financial benefits (so the finance team are kept content) to not having to worry over the issues that come with installing and maintaining hardware in data centres that simply don’t have enough storage, power or cooling (so the IT team are happy also). Handing responsibility over to a cloud provider that makes the promise they’ll be accountable for all areas covering performance and storage is a fairly attractive offer.
These aspects, however, aren’t the only things you should be taking into consideration when undergoing a cloud project. It’s the responsibility of companies to be beyond doubt that it’s the correct move for their business. The amount as well as type of information that is to be placed and moving within a cloud infrastructure, needs to be considered. So, whether it’s an upcoming move to the cloud, or one that’s already occurred, businesses should focus on the security of the data they are placing in the cloud infrastructure.
Here are several reasons why:
Attacks that usually focus on-premise data centre environments are moving over to the cloud – Attacks like brute force attacks, malware, or botnets which are common to on-premise centres are now additionally targeting cloud environments. With more users heading over to the cloud, more attacks will follow.
The breadth and depth of attacks in the cloud demonstrates threat diversity is on the rise – Within the last year there has been an increase in the range of existing attacks that threaten companies in the cloud. Companies should be devoting as much attention to the security of their data in the cloud, as they normally would otherwise.
The solutions conventionally relied upon to fight these threats aren’t enough – Through a honeypot project new attack patterns and emerging threats were found. While a disturbing fact, it’s also quite interesting that 14% of the malware obtained was regarded as undetectable by 51 per cent of the world’s top anti-virus vendors.
Although, there’s some good news – companies can do a lot to protect themselves; first of all they need to be educated on what is required by their business and applications from a security and compliance point of view.
To be absolutely confident that the provider is taking the security of your data with sincerity, you should ensure the cloud provider can answer the following questions confidently:
1.What is their data encryption strategy and how is it implemented?
Encryption is the ideal protection method; you want the cloud provider to know who controls the keys and what encryption standard is used.
2.What is the hypervisor and provider infrastructure patching schedule?
With a rise in exploits, to minimise threats to the data the provider should update and patch the infrastructure frequently.
3.How do you isolate and safeguard my data from other customers?
Usually providers house data for several companies, you should inquire how the data is kept separate and what controls they have to prevent accidental sharing.
4.How is user access monitored, modified, and documented?
Separation of duties need to be in place so the provider’s administrator doesn’t have complete control or authority over your data.
5.What regulatory requirements does the provider subscribe to?
A great sign that the provider takes the integrity of your data seriously is when they stick to industry standards.
6.What is the provider’s back-up and disaster recovery strategy?
Ensure everyone knows what exactly they’re responsible for and find out what the track record is in availability.
7.What visibility will the provider offer your organisation into security processes and events affecting your data from both front and back-end of your instance?
This is imperative – if an incident needs investigating, you should know every bit of information available to you to figure how why and why it occurred, but more importantly – how the action was solved immediately.
These are just a small example of questions you would want to ask your service cloud provider when it comes to the security of your critical data within the cloud, whether the project is a new one of you’ve been with one for years. Based on the answers given, you should be able to select the cloud platform that is most beneficial for your business and offers you the most transparency on their security offerings; just how competently the answers are will also help you judge how secure your data is with that provider, and how seriously they are taking the security of information that is vital to the success of your business.
