Stepping Up to the Cloud Securely: What You Need to Know
Cloud computing is more than a conversation for IT managers and has even gone beyond the CIO office. It is a decision whose final say often rests with corporate management. As it climbs the corporate ladder, cloud computing is also becoming big business. According to IDC, spending on cloud computing has been growing at 4.5 times the rate of IT expenditures since 2009 and is expected to grow by more than 6 times the rate of IT budgets through 2020. Fellow industry analyst Gartner predicts the worldwide public cloud services market will grow 18% this year.
This shift in how data is stored is changing how IT departments view computing technology and applications. Investing in a cloud strategy can reap cost and efficiency dividends, but protecting the most valuable currency – data – remains an important issue. Without the proper security considerations in place, businesses are vulnerable to breaches that can erase any gains made by leveraging cloud technology.
While some companies are large enough to build their own private cloud networks, most businesses rely on public clouds. For corporate and IT management at small to mid-size companies, the best choice is often a third-party firm, such as Pinnacle Consulting Group, that can provide secure and reliable cloud services that include 24×7 support, advanced security, expert migration, and mobile sync for smartphones and tablets.
Safety of the Cloud
Security is one issue that many in-house IT professionals, as well as corporate management, worry about with cloud services. This can be overstated, however, as Gartner estimates that public cloud infrastructure as a service (IaaS) workloads will suffer at least 60% fewer security incidents than those in traditional data centers through 2020. Additionally, by next year, 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures. The analyst firm concluded that the security posture of major cloud providers is as good as or better than most enterprise data centers and security should no longer be considered a primary inhibitor to the adoption of public cloud services.
Having said that, security measures need to remain a high priority to protect data in the cloud. That is because the risks are real and many are the same as in the enterprise, as evidenced by the “Treacherous 12” cloud computing threats recently released by the Cloud Security Alliance (CSA). The dozen critical cloud security issues cited by the experts who participated in the report are, in order of severity:
- Data Breaches
- Weak Identity, Credential and Access Management
- Insecure APIs
- System and Application Vulnerabilities
- Account Hijacking
- Malicious Insiders
- Advanced Persistent Threats (APTs)
- Data Loss
- Insufficient Due Diligence
- Abuse and Nefarious Use of Cloud Services
- Denial of Service
- Shared Technology Vulnerabilities
Develop a Cloud Security Plan
While the security priority remains the same, the cloud will require a different approach, as on-premises processes won’t universally work in the cloud. Here are seven criteria to protect your data in a cloud environment.
- A Safe House – Know the dedicated hardware used to house your data, as it is the key for cloud computing services to pass the most stringent security guidelines. Also partner with a cloud service provider (CSP) with a track record of success and stability. You don’t want to be in the unenviable position of trying to locate your data because you had to sever ties with your CSP or the provider goes out of business.
- Back Up Your Data – A simple but overlooked precaution is to make sure that you conduct your own secure data backup. Also ask whether your CSP has adequate backups and redundancies in place. If the provider hosts a copy of your data separate from the primary files, you can access it, even if the CSP is a ransomware victim or has a hardware failure. Plus, it gives you peace of mind, and there is no price you can place on that.
- Serious about Security – Make sure your CSP is as committed to security as you are. Have them verify that the location where your data is being stored has all applicable security measures in place and confirm that they have achieved third-party validation. For example, financial firms should make sure their CSP is SOC 1 Type 2 compliant. Managed firewalls, antivirus, intrusion detection and other managed services should be provided, as they allow for increased security measures for managed servers.
- Test – Vulnerability scanning and assessments are just as important inside the cloud as they are outside. If you can gain unauthorized access to your data, someone else can as well. To that end, make sure your provider has a distributed denial of service (DDoS) mitigation plan. Part of that approach should be what is commonly referred to as a “black hole,” which is an inactive or unused IP address where the unwanted traffic from a DDoS attack can be sent without the cyber criminal ever knowing.
- Do Your Homework – When executives create business strategies, cloud technologies and CSPs must be considered. An organization that rushes to adopt cloud technologies and choose CSPs without performing due diligence exposes itself to a myriad of commercial, financial, technical, legal and compliance risks.
Extend teaching to employees, as well. Conduct training to make sure they know what a “phishing” scam looks like and how to respond. People represent as much of a threat to data stored in the cloud as they do to vital information kept on-site. A survey from RedLock, a public cloud security company, revealed that 53% of organizations using cloud storage services had inadvertently exposed one or more of these services to the public.
- Protect Yourself – According to the RedLock study, 64% of databases in the public cloud are not encrypted. Protecting your data with embedded protection mechanisms such as encryption and authentication ensures that data security and privacy remain – even if the cloud is compromised.
Partnering with a CSP that meets all these criteria will help protect your data when it is in the cloud. Pinnacle Consulting Group provides cloud services that give you access to secure, reliable, full-featured messaging and collaboration solutions that don’t require a significant investment and ongoing management resources. Call Pinnacle Consulting Group at 973-890-1111 or visit our IT services page to learn more.