The cloud may no longer be shiny and new, but as its popularity grows, it remains one of the most important tools in business IT. However, could your company’s sensitive information and applications be mixing with the wrong crowd on a public cloud platform?
Cloud growth is sky-high
Cloud services come in many shapes and sizes, and different organisations use the cloud in many different ways. The numbers say your business is probably in the cloud already, with 86 per cent of organisations in Australia now using some form of cloud-based technology. Additionally, overall spending on public cloud services in Australia is forecast to reach $2.6 billion in 2017, representing a compound annual growth rate of 24.7 per cent.
So keeping in mind that you can outsource the function of confidential data security but not the responsibility, how much trust has your business placed in a third-party service?
The only thing to fear is fear itself
Although cloud services are proving popular for many companies, some IT executives continue to express concerns about security issues such as cyberattacks and theft. In some cases, however, this trepidation may actually increase security risks in the organisation rather than reduce them.
For example, when a business is reluctant to embrace the cloud, individual employees or departments may take it upon themselves to use a cloud service – but without appropriate corporate policy to control the activity. This could create an environment where risks cannot be properly managed.
Instead of fearing the cloud, decision-makers should instead educate themselves about cloud technology in order to create a structure that will protect their data and reduce security risks.
Choosing the cloud service that suits your business
Among the plethora of cloud providers, there are three different types of cloud services: infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS). The differences between these services are:
- IaaS is a fully outsourced service based on a pay-as-you-go model that lets businesses store data as well as run applications. Instead of buying their own servers, companies can use IaaS to reduce their operating costs and remain flexible.
- SaaS, also known as service on demand, lets businesses rent software applications. Google Docs and web-based CRM systems fall into this category. Users simply log in to the system via the web, upload their data and run the application using the service.
- PaaS allows businesses to write their own software, with the service running and delivering the program to end users on the web.
Security is paramount
Cloud services offer varying levels of security, so research is key before choosing your provider. The Cloud Security Alliance (CSA) has identified several possible threats to data stored in the cloud, including:
- Data breaches due to hackers.
- Data loss due to hackers or natural disasters.
- Account hijacking due to stolen credentials.
- Threats from malicious insiders.
- Technological weaknesses.
When selecting a cloud provider, choose one that offers a high level of protection at all data entry points and gives companies maximum control over their data. For example, look for a provider that:
- Allows you to control your own encryption keys.
- Provides encrypted back-ups where the user controls the key.
- Uses two-factor authentication techniques when possible.
At a minimum, data should always be encrypted at rest, in transit and on mobile devices, and encryption keys should always be physically and logically separate from the data they protect.
In addition, businesses that deal with sensitive data such as medical records and credit card payments should take extra measures to ensure their cloud provider adheres to specific industry standards to prevent liability.
The benefits of using a secure STAR environment
When a company uses a cloud service, they are trusting large portions of their IT operations to an external third party, so it’s crucial the business and cloud provider work together to build a cooperative partnership of trust.
A secure, trusted and audit-ready (STAR) cloud environment provides the highest standards of security, complies with industry regulations and can withstand the most adverse events. Selecting a cloud service provider with STAR accreditation can minimise risk, however there must be open lines of communication and transparency from the start.
Service-level agreements should be established and both parties should have a clear understanding of expectations and policies if any issues arise. This will allow them to be handled in an efficient and straightforward manner.
Build your future in the cloud
Offering lower costs, scalable infrastructure and universal data access, it’s clear the cloud will not be dissolving anytime soon. Do your homework on all aspects of cloud technology and security, and select the service provider that’s the best fit for your requirements. This will lay the foundations for a long-term, reliable and secure relationship with your cloud provider.