Security: Is the Cloud safe?

August 17, 2016 by Milagros Gamero

While some people still associate the cloud with a lack of security, perceptions are changing. Proponents of the cloud industry say it is very safe, and highlight that, as with any other purchasing decision, corporations must do their due diligence and ensure that they choose an established supplier.

First, make sure you’re ready to go “cloud”

One place to start is to look at a provider’s reference customers. Are companies within regulated industries using them? Test the service, and do not make highly sensitive applications or databases your first encounter with the cloud; get a feel for how the environment works with a less important set of information first.

Large companies with IT teams and security experts should make sure that those teams are involved in the due diligence process, and if they don’t have such professionals in-house, they should engage an independent consultant.

5 things to consider when choosing a provider

Before choosing a provider, consider the following questions, which can help your business and your data in the long run:

  • What are their data center security policies? These should be at least equal to, if not better than, your own internal policies.
  • How do they handle change management?
  • What are the arrangements for firewalls and access control?
  • Do you fully understand and agree on service levels with the cloud provider including data recoverability?
  • What will happen to your company’s data on the termination of a cloud service contract?  Remember, it’s important to consider how the data will be returned to you and what happens to the cloud infrastructure.  For example, will the disks the data was stored on be destroyed or overwritten?

What’s safer - public or private cloud?

One of the difficulties people have with cloud storage is that they do not understand how the cloud works: for example, whether data is easier or more difficult to protect in a cloud infrastructure than in traditional on-premises infrastructure.

Businesses must understand that in many cases the difficulty level is the same. Cloud providers will often undertake the same checks and balances and use the same protection. Those cloud service providers who operate systems for various clients may be more secure than on-premises platforms. A public cloud, however, where several organizations use the same applications and/or infrastructure, can present data security issues because of access control. What’s more, other considerations, such as anti-virus software, firewalls and encryption, are equally important whether on-premises or in the cloud.

Share the responsibility

Regulators have also displayed their commitment to safeguarding data, including what is in the cloud, through a raft of recent legislative activity. New EU legislation, GDPR for example, is aimed at simplifying and updating data legislation, unifying different regulation regimes under one umbrella. It will mean that cloud providers, as well as data owners, will be liable for data breaches that occur. At the moment, it is the data owner, rather than the hosting company, that is liable. There is also a specific level of fines for data breaches, which is up to five per cent of a company’s annual turnover. The effect on cloud providers and hosting companies will be significant, and they will have to get their house in order to avoid potential punitive fines.

The cloud is fast becoming the easiest and most cost-effective storage solution for businesses, but if cloud providers want to truly succeed, they must not only convince businesses that the cloud is secure but also be even more stringent with data to convince regulators that they can safeguard it effectively.

Top tips for staying safe in the cloud

  1. Make sure to test the service before you sign over your application or database to a cloud provider.
  2. Does your business have access to IT security experts?  Get them involved in the due diligence process.
  3. Check your cloud provider’s security policy. It should be at least as reliable as your business’s internal policy.
  4. Know who the key contacts are at the cloud provider should there be a data leak or loss.
  5. Understand your cloud provider’s backup schedule. Is it incremental? Is it real time? How far back do backups go?