Everybody loves cloud services for their utility and accessibility. How about their security? It remains a concern for private users, small businesses and global enterprises alike. Leviathan Security Group research has identified three key factors in the effectiveness of cloud security: availability, staffing and vulnerability management. Only by considering, and carefully managing, all three can you be confident that your business is as well-protected as possible.
1. Availability
First, check with your cloud provider just where your data will be held. Leviathan found that many cloud providers operate only a single data centre, meaning they lack redundancy and are highly vulnerable to physical disruptions.
From Hurricane Katrina to the explosion of a Shaw Communications building in 2012, there are numerous examples of data centres being compromised by unexpected events. Indeed, the Leviathan paper points to examples of entire countries being taken offline, such as when a 2008 Suez Canal accident caused widespread outages in Pakistan, Egypt, India, Kuwait, Lebanon and elsewhere.
The message is clear: businesses must use providers that offer geographic redundancy, with data hosted by centres in different regions, “ensuring that data is replicated not just across a city, but across a continent or an ocean.”
2. Staffing
Cybersecurity experts are hard to find. Leviathan notes that globally, there are over one million unfilled cybersecurity positions (defined as being vacant for over one month). This makes security staff expensive to hire as well as scarce. A better solution is to use a cloud provider with a dedicated team.
Indeed, this is often a key selling point: cloud providers employ teams of experts with up-to-date skills, not to mention state-of-the-art security systems that would only be economically viable for the largest organisations.
There may be certain skills, functions or tasks you want to keep in-house, for regulatory or other reasons, but even if you only use cloud providers for non-sensitive data and tasks, they provide a level of security expertise that’s hard to match.
3. Vulnerability management
No system is, or ever will be, completely secure, and Leviathan emphasises that, as high-profile attacks on both online and physical retailers and service providers have shown, cloud-based storage is not immune to the threat of cyber-crimes.
We know that criminals are always probing networks, websites and applications, looking for vulnerabilities they can exploit. This is where patch management, intrusion detection and protection systems, firewalls, sniffers and more – the full array of security technology – come into play.
But as any security expert will tell you, system maintenance is a vital link in the chain. Regardless of the solution you choose, you need to consider how vigilantly your network is maintained, considering security patching and updates, perimeter rule changes, and preventative measures such as intrusion detection systems. It’s a constant battle; as the Leviathan report states, “the defense, like the adversary, must be continuous, growing, and tireless; anything less will not suffice.”
Of course, there are other factors which affect data security. User security – including passwords, biometrics and other authentication measures – is vital, as even the best security systems can be rendered powerless by careless users and poor policies.
There’s a constant interplay between all elements of your security regime. No single system or procedure can provide full security for your users and data, but there’s no doubt that ensuring your data is hosted in multiple secure locations, maintained by expert staff and protected from would-be thieves is vital. So, play it smart – find a cloud provider that can demonstrate its availability, staffing and vulnerability management credentials. Combine this with good internal procedures and technology and you’ll have the security of knowing you’ve done all you can to keep your business safe.
BlueScale is a boutique MSP that specialises in SMB and NFP organisations in NSW. We work with clients to manage their IT end to end, much like an outsourced internal IT department. We manage:
- IT procurement, along with subsequent vendor and supplier relationship management
- Enterprise architecture design, direction and transformation
- Project planning and implementation
- IT operations and ongoing user support
Coupled with our experience in IT management and strategy reporting to Board, CEO, Business Management and User layers, we act as an economical virtual IT department for complete business technology requirements.