Tags


Latest Posts


Latest Comments


Authors

O ye of little faith in cloud security

jonathon-birch-thumbnail.jpg

Posted by |

While the cloud will always require vigilant security measures as much as any other form of IT provision, it's a sweeping misconception that it puts your information at greater risk. Indeed one of Gartner's recently published top 10 cloud myths was that public cloud is less secure than on-premise IT, despite the latter being where most security breaches actually happen.

While some statistics suggest that cloud still suffers from a security image problem, at Redcentric we've seen a massive growth in cloud adoption by customers over the past six years. In our experience, there's been a change of attitude among enterprises who have begun to understand that excessive concerns about security are unfounded. The 'type' of cloud chosen clearly has something to do with it; we've increasingly seen an adoption of our shared IaaS platforms (public cloud) to run tier one applications, such as enterprise resource planning (ERP) and customer relationship management (CRM) systems.

Rather than obsessing about security, my view is that organisations should be looking at how they (and the cloud service providers) can be confidently managing the potential business risks that a move to the cloud poses. Cloud deployment is a significant business decision, and the following risk considerations should be front of mind:

  • Data location: Once you've established where your cloud will be, you're bound by that country's laws on data access. The Patriot Act for example, an American law that gives the government access to data stored at any cloud server in the country, means that your data may be visible to authorities where it's hosted. This calls for organisations to research the legalities of data hosting in the country they're considering hosting their cloud; don't assume that your data will only be visible to you. Remember that it's a legal requirement for you to disclose the location of your data and customer records to key stakeholders too.
  • Control: Putting your data in a public cloud means that it sits on the same hardware as that of other organisations and very often you will have little control over it. This poses the risk of your data not receiving the individual attention it requires to ensure full security. As well as placing data on physically dedicated hardware, private cloud infrastructure gives far greater control over your data and allows an organisation to implement changes and its own individual security measures as required.
  • An exit approach: Not thinking about the exit ramifications of adopting the cloud simply isn't an option. It's possible that your cloud journey experiences some crises along the way, such as the provider going out of business, meaning that you have no choice but to host your data elsewhere. Provisions around accessing and moving data to a different provider boils down to what is in your cloud contract. Providers may not always include exit approach terms in their default terms, so it's up to you to ensure that your cloud deal allows for a smooth exit in which you can easily retain all of your data assets, or have back-up if they suddenly become inaccessible.

It's reassuring that enterprises are spending less time getting tied up with cloud security concerns. Efforts are better spent on risk considerations to ensure that they have made the right cloud choice for their business, as well as negotiating contract terms that will help minimise potential crises in your cloud deployment.

Comments

 

Post a comment

Comment submitted! Comments needs approval before being displayed.