Cloud computing is quickly becoming the way that all business does business. Sooner rather than later people will not be able to recall a time when there was another way of doing things other than via the cloud.
In a world of many clouds, questions arise, namely those of security. Cloud computing is elastic IT, scaling up or upgrading is just one of the many benefits offered by moving to the cloud. However, these benefits seem to fade into the background when a data breach is reported in the media; when the benefits dim the doubts take over. The main perceived weakness of cloud computing is that it may not be safe from cyber-attacks. For a company that works across the state or country (or across several countries), the cloud is the future but security concerns can takeover and stall the journey.
The Cloud Security Alliance’s ‘Cloud Computing Top Threats in 2013’ identified the Notorious Nine threats. In order they are:
1 Data breaches
2. Data loss
3. Account hijacking
4. Insecure APIs
5. Denial of service
6. Malicious insiders
7. Abuse of cloud services
8. Insufficient due diligence
9. Shared technology
How can business mitigate the Notorious Nine?
Do your due diligence when exploring the best cloud option for you – public, private or hybrid; and especially when choosing a cloud service provider. But business must keep in mind that responsibility goes both ways and the client must also take measures to fortify their data and applications, use strong passwords and authentication methods. Keep in mind that moving to the cloud could be the perfect time to upgrade security.
Some things to look for when choosing a secure cloud service provider:
Data isolation and logical storage segregation practises must be sound
Data encryption protocols are built-in
Physical security of the physical infrastructure is in place, look for a ‘world-class’ data centre
Robust record keeping
All the right credentials and compliance requirements in place
Integrated security controls – deterrent, preventive, detective and corrective – are practised (see below explanation).
Integrated Security Controls
Deterrent controls are intended to reduce attacks on a cloud system, like a fence around a property these controls reduce the threat level by informing potential attackers that there will be adverse consequences if they proceed.
Preventive controls strengthen a system against incidents, an example of a preventive control is strong authentication of cloud users.
Detective controls are there to detect any incidents that occur and to signal the preventive or corrective controls to address the issue.
Corrective controls reduce the consequences for an incident by limiting the damage; they come into effect during or after the incident.
For most businesses the cloud is the inevitable destination, and cloud security has come a long way in recent times. Like with any network, architecture security should be a pressing concern but just as important are the ways to mitigate risk and ensure business continuity. Due diligence and a trusted IT partner are just two ways to help your business in the move to the cloud.
Contact us today for all your cloud questions.
