It is becoming increasingly important for companies and businesses to store data remotely, but some professionals still have concerns over the reliability and security of off-site cloud services. Lost data and downtime is the bane of any business after all, but it is the businesses that wait too long to turn to cloud-based services as part of their business continuity plan that could actually be at risk of a security breach.
We discuss some of the most common thoughts about the risks that we are asked regarding cloud-based infrastructure.
How Do People Perceive Security Risks in the Cloud?
One of the largest areas of concern within an outsourced cloud architecture is around security. There are ever increasing demands on IT departments and managed service providers to adhere to strict IT security policies and in some instances there are independent organisations that will need to apply rigorous and routine audits.
Two extremes appear to be prevalent with regards to corporate adoption of the Cloud.
On one side, there is a perception that the cloud is significantly more risky than in-house IT and that the cloud is something to be avoided at all costs. This is not necessarily the case and can result in companies not taking advantage of the agility and cost benefits that moving to the cloud can bring. Additionally, this view also tends to have a false sense of security around in-house IT which has often not applied that same level of due consideration of risks as has been levelled at the cloud alternative.
The other opinion, that cloud providers take care of security for you, is also prevalent and dangerous opinion. Each provider has differing levels of security depending on their target market, function and expertise. These may not necessarily be failings of these systems, but their standards may not match the levels of protection that your data requires. For example, one just has to look at the adoption of excellent services such Evernote and Dropbox, possibly being used for corporate tasks for which their security does not necessarily suit.
So, How Should One Approach Security in the Cloud?
The reality is, of course, somewhere between the two extremes. Failing to incorporate cloud security in to corporate IT decision making could, in fact, make it more likely that some users are using services in the cloud without proper consideration and review. The key is to work closely with trusted cloud partners (such as NSE) who can advise, design, implement and support a cloud platform that matches your requirements for security and compliance. Ensure that your potential cloud partners have a strong security policy in line with your policy, are willing to enter into a dialogue about security, understand your unique requirements and to constantly review practices.