Implications of the Cloud on Security Policies

How will you handle security if your computing is done outside your premises; and if your data is stored somewhere on the Internet instead of in your own servers?

It’s a fact that as soon as information goes beyond the perimeter of your organisation like using cloud services , there is an additional risk to be managed. Yet, surprisingly for some, the cloud can bring significant security benefits as well. Your policies can also make the difference between having more or less to worry about.

The Cloud as a Smart Security Move

For some enterprises, simply moving IT operations to the cloud is already the new security policy. While their apps and data are less under their direct control, cloud provider security is often very good, and significantly better than that of many individual enterprises:

• Controlled access to cloud data centres for authorised personnel only

• Backup battery and generator systems to ensure continuous server availability

• Redundant network links to protect against specific network outages

• Virtualisation of applications over several servers to avoid downtime

• Replication of data (current and backup) between different servers and even locations to withstand data corruption, hard disk crashes and other threats to files and information.

The size and the technology of cloud resources make it easy in many cases for all of the above to be built in and provided as standard service.

Related article: 5 things to consider before jumping (all) into cloud storage

Cloud Weaknesses and vulnerabilities

No system is perfect. Cloud services have their soft underbellies too, depending on the type of service being used and that is why it is important to assess cloud security and its risks.

• Your data may be stored safely, but if you decide to stop using a cloud provider, you’ll want assurance that none of your data will continue to be held afterwards.

• Accusations of government data snooping have tarnished the name of cloud computing in the recent past.

• Data at rest and data in motion (for instance, between your premises and the cloud) are two separate security challenges. You’ll need to make sure both receive proper attention.

• It is possible that your competitors choose the same cloud service provider. With proper workload isolation, the possibilities for a competitor to look over your shoulder should be remote indeed. But, as they say, watch this space…

• Remote application and data manipulations may be unfamiliar to your own IT staff, used to dealing with local systems. Your IT in the cloud may be safe as houses concerning system uptime and protection against hackers, but it can still be damaged unintentionally by the wrong system user commands.

Related whitepaper: your guide to the right cloud mix

3 steps to cloud safety

Start with the following three actions to stay safe in the cloud:

1. Decide which levels of security you need and check that the cloud provider offers them. If the provider wants to talk technology, get clear information about how the technology helps you meet all your business security goals.

2. Use data encryption appropriately. This can help solve the challenge of keeping both stored and transmitted data confidential, and alleviate concerns about full data deletion if you choose to use another provider.

3. Train staff appropriately for cloud information security awareness and safe system operation, or use resources from a third party to guarantee this.

Finally, cloud computing continues to evolve and security aspects may change too. Staying up to date is important and assessment of cloud security should be done regularly. An industry specialist or a competent IT service management company can help here too.

Contact our expert team to find out more about security in the cloud.