Home » Technology » Cloud Computing » Cloud security – Five ways to keep your business safe
It used to be the bogeyman that would inhibit cloud take-up. It was all-too easy to imagine the collective intake of breath when any manager suggesting going down the cloud route
Moving to cloud is a scary undertaking, you’re ready to cede control to another organisation but it may well be a misguided fear, CIOs may need to look a little closer to home. Every year, Gartner makes predictions about the future and last year it made the bold claim that by 2020, “95 percent of cloud security failures will be the customer’s fault.”
That should provide food for thought for any organisation that’s going down the cloud route; there’s a need to get business processes and procedures in place first and devise some strategies for working securely with cloud.
There are different approaches to security depending whether you’re opting for public, private or hybrid cloud. If you’re opting for public cloud, your main concerns are going to be procedural: public cloud providers have extensive security teams, use advanced security techniques and regularly maintain their systems. Your questions will be about personnel employed and the procedures they use.
But, most European enterprises are concentrating on private or hybrid cloud deployment and for these are different set of criteria apply. Any companies looking to go down this road have several considerations to bear in mind.
One of the key elements of any security strategy is the implementation of rigorous encryption. This should just not include data in storage but data in motion too. There are several encryption products that offer several layers of protection within a private cloud environment.
2) Data separation
One of the key advantages of cloud is that there’s a separation of services from the physical hardware but this can be a double-edged sword. It means that you require sophisticated management resources to deal with different levels of access – for example, accounts team will operate on a different priority to facilities management.
You may also want to prioritise different levels of compute, network and storage to various departments- e.g. a group of engineers will have more intensive demands than accountants.
In traditional on-premise datacentres, there is more physical separation but within a private cloud environment such stratification is handled virtually.
3) Identity management
For cloud to work effectively, there’s a requirement to know who’s accessing the system. Consequently, it’s essential to implement a comprehensive identity management system to handle the authentication of users.
If working with a hybrid system, it’s important that the system can deal with both cloud and physical system and doesn’t lose effectiveness when operating with both.
4) Network security
Moving to a private cloud environment doesn’t mean cutting back on perimeter protection. There’s still a requirement to protect against external hackers so firewalls will remain part of the armory. By using a form of cloud monitoring system, a CIO can spot any unusual activity within a private cloud environment.
5) Security strategy/education
All of these procedures provide an important aspect of security. But they’re not that effective unless the business is geared to support them. That means that organisations should agree a set of security guidelines, implement them and educate staff about using them. This should include an effective monitoring and reporting mechanism, regular updates and audits and co-ordination across departments.
Companies should not think that cloud implementation is solely the responsibility of the IT department. For the technology to be effective, there’s a requirement for all parties to act in concert, supporting an agree range of security policies.
Click here for more cloud computing content