The Cloud: The Future of Security
The cloud seems to be everywhere. Businesses in virtually every industry are recognizing the benefits cloud computing provides, as well as their own need to begin migrating at least some services to the cloud so that they are not perceived by employees or customers as lagging behind the technology curve.
While the advantages of the cloud are many – and include everything from reduced spending on technology infrastructure and software to improved productivity, accessibility, and flexibility – the shift to the cloud is often accompanied by concerns about data security. This is particularly true in industries that are heavily dependent on maintaining the privacy of personal and financial information, such as the banking industry, non-profit associations, real estate and healthcare organizations.
Businesses that are hesitant to move to the cloud because of security concerns need to recognize that the idea of an on premise system being more secure and less vulnerable to outside threats simply isn’t true. Organizations get hacked on a daily basis, and those hacks are becoming increasingly sophisticated and occurring both internally and externally. We just don’t hear about them unless the hack involves a high-profile name. Bottom line: security will never be 100 percent foolproof.
Businesses can vastly improve security in the cloud, however, by identifying highly sensitive data and then assigning a data sensitivity rating to those systems which are mission critical. Identifying data by sensitivity and business impact helps to lessen the level of apprehension, while eliminating treatment of all data in the same manner.
It is equally important for businesses to understand the different types of clouds that exist and the advantages offered by each in order to determine which option will work best for their organization. As its name implies, a public cloud is a shared environment where resources are available to the public and managed on the cloud provider’s premises. While the public cloud is still secure, it has some obvious drawbacks, including an inability to customize security configurations due to its shared environment. In addition, a targeted hack or breach of one user in the cloud has the potential to impact all of its users.
Businesses can also opt for a private cloud, which is used by only one business and managed by either a cloud services provider or the business itself. While a private cloud offers the user the most control, it does not intrinsically safeguard all data. Unencrypted information, for example, may still be visible in the cloud, in databases, in the operating system, and in the memory.
Finally, there is a community cloud, which offers many of the benefits of a private cloud but is shared by several businesses, typically in the same industry or with the same purpose. While secure, the need to segment and encrypt data in a community cloud is more important because there are multiple areas of contact between the data of one business and that of other organizations.
Regardless of which cloud a business ultimately selects, it is essential to make certain the cloud provider’s reputation is spotless. Obviously, it is in the cloud provider’s best interests to protect the data provided by each business user from being accessed by unauthorized users. One security breach can forever tarnish a provider’s reputation. As a result, cloud providers invest literally hundreds of thousands of dollars on enterprise grade systems which are specifically designed to protect their customers’ data.
While it is essential for a business to check out the reputation of a cloud service provider, it is equally important to make certain the provider has controls in place to ensure the integrity and confidentiality of sensitive data, encryption of non-public personal information, and verification of data handling procedures. The provider should also guarantee that any changes needed to meet regulatory requirements will be implemented, explain how service will continue in the event of a disaster, and detail security controls for physical facilities, networks, data storage, and other infrastructure and operating systems.
While doing due diligence on cloud security in advance may represent a significant investment in both time and effort, it is well worth it. Doing so will enable a business to reap the benefits of increased productivity, easy accessibility, and flexibility that the cloud provides. It will also keep the company’s name out of the headlines because of a security breach.