Cloud computing provides endless amounts of benefits – we tell our clients this all the time. However, some are worried about the security of their data when switching to the cloud. Thanks to RapidScale for their guest blog on data security in the cloud regarding the shared responsibility between the provider and the business.
Fears about data security in the cloud are quickly being overcome, as is clear in the rapid growth of cloud adoption – 25% of total IT budgets will be allocated to the cloud this year alone! In recent years, these fears have been overstated, or didn’t properly address the fact that the quality of cloud security relies on the quality of each specific cloud provider. While security remains as the top challenge faced in cloud adoption, it’s also transitioning from a barrier to a major cloud benefit for many businesses.
The Provider Side
The fact is that cloud computing can provide improved data security compared to what organizations are used to. Providers can and will implement and manage better IT security controls than most internal IT departments are able to. Think about it this way: cloud providers are businesses too. Providing high-quality security is absolutely vital to their success and longevity. Many cloud providers also host data from heavily regulated industries, so they must meet government requirements and are regularly tested. Cloud providers are able to afford the best in security technology, and have the necessary team of cloud and security experts to maintain this technology.
The Shared Responsibility Model
But even with a trustworthy cloud provider, a business can’t expect to just hand off the responsibility and forget about security entirely. It’s a two-way street. In fact, shared responsibility is key to the most effective cloud security. Overall, security responsibilities include physical infrastructure, network infrastructure, the virtualization layer, operating systems, applications, and data. Of course, there’s overlap here, and responsibility will vary depending on the service and should be contractually assigned. In general, with services like Infrastructure as a Service or Platform as a Service, the customer will take on more security responsibility than with Software as a Service.
The Business Side
So how can an organization do its part? First, it must conduct the proper research to ensure that a cloud provider delivers the necessary levels of security. This requires an understanding of the risks of lacking substantial security, which can include financial and operational implications, loss of intellectual property, and breaching regulatory requirements and facing serious fines and reduced customer confidence. Then, before even committing to a cloud service, it’s important to ask the provider specific questions, like:
- Who ultimately owns my data if I move it?
- Where is my data held?
- What specific levels of security are applied to my data, and can you prove it?
- How can you guarantee that only my authorized users will be able to access my data?
- What do you have in place for disaster recovery?
Then, a business needs to take on some responsibility on its end. In general, this might include employee training on things like BYOD, setting strong passwords, data storage, etc. However, the specifics will really depend on the service and the provider.
Data security is not something to be taken lightly by either a provider or customer, so it should definitely be part of the initial conversation. However, cloud security is increasingly offering major advantages compared to in-house options. If a business evaluates a service and cloud provider carefully and determines they are a good fit, it can experience a huge boost in the quality of security for its data. Successful cloud security requires open communication and regular audits.
Opex has a team of highly trained professionals who can help you make sure your data is secure. Contact us for more information.