A vast majority of companies now have at least some components of their business in the cloud. Those that are still considering cloud adoption may be hesitant due to security concerns. From the infancy of cloud, this has been a common topic of conversation and will likely continue to be for the foreseeable future. This guest blog from our partners at Matrix outlines some security-related factors to consider when evaluating whether to go through with a cloud deployment.
Cloud deployments typically come in three varieties: public, private, and hybrid. Public cloud is inexpensive, but data is more susceptible to infiltration as the space is shared among multiple companies. While private cloud is more costly, it is more secure since the space is dedicated to only one company. Hybrid cloud is a blend of the two versions, leveraging inexpensive public cloud for non-sensitive data and private cloud for anything confidential or valuable.
Knowing where company data will reside is possibly the most important question to ask potential vendors. Much of the data housed by a company is email related, and a significant portion of it includes contact information. The rest consists of company records like payroll, payment, sales, and account data. Sensitive information should live in a highly secure environment, which is why private cloud is a better fit for that particular need.
Data is a valuable commodity, and cybercriminals employ a multitude of tactics to acquire it. Identity theft is a rapidly growing concern, and companies spend millions of dollars trying to recover from a breach. In many instances, a security incident results from inadequate access policies, easy-to-guess user passwords, or improperly secured user interfaces.
It’s important that company information resides in the appropriate area of the cloud. Since the public cloud is shared space, a breach to one company means that the others on the same space are equally endangered. The good news is that cloud providers are increasingly security-focused and build powerful controls into their systems. Today’s savvy cloud vendors are often able to create a more secure framework than a traditional on-premise version.
Best Practices for Cloud Security
A number of measures can be taken to provide protection in a cloud implementation. Strong network policies, stringent access control handling, password complexity requirements, and firewall rules can help keep data secure. Lock down IP ranges whenever possible, use multi-factor authentication for systems and network management, and utilize comprehensive intrusion detection and prevention. Sensitive data should be encrypted at rest and in motion using the most advanced protocols possible.
Certain industries such as healthcare, banking, and education may have specific compliance requirements where cloud is concerned, so be sure to check before beginning an implementation project. For organizations holding on to older legacy applications, it may be challenging (or impossible) to integrate them with a cloud deployment, and replacement applications should be identified and budgeted for accordingly. Any security program should encompass the company’s existing network, any cloud components, and the points where the two meet.
Cloud is growing in popularity for many reasons. Security should always be a consideration, but not one that disqualifies using such powerful technological tools. Proper planning can combine the flexibility of cloud systems with iron-clad protection.