Cloud Security: Let’s Keep the Data Between Us
In 2011 Dave Kennedy, a renowned IT Security "Ninja" reported that there were 480 security breaches of digital assets. The worst hit, as usual, appears to be the Healthcare sector with a total of 160 breaches.
The statistics are naturally unsettling and lead many IT managers to question whether it’s worth migrating their data centers to the remote web hosting facilities and cloud servers.
The New York Times reported that a survey by Ponemon Institute found that 9 out of 10 companies had suffered an online attack in the last 12 months.
Quite bluntly, cloud computing implies that responsibility for protecting information from hackers, internal breaches (and subpoenas) now belongs tot the hosting provider, not the company or individual user.
The location of the servers also affect ownership of data in the eyes of the Law and tacitly imply that perhaps a hosting provider may not defend your rights as well its own. The example of Amazon kicking WikiLeaks off its server perhaps illustrates this fear to some degree.
"There is also a risk that the host might shut down its operations, declare bankruptcy, or sell the business to another provider. What might happen to your data if that were to happen?" asks Privacy Rights.
PCMag, for instance, reported on June 17, 2010, that, "Intuit is slowly recovering from a massive site outage that has taken down its main site and several of its online services since Tuesday night, stranding potentially hundreds of thousands of customers without business services."
However, while all of the above are indeed cause for concern they are not enough to discourage decision-makers from embracing the cloud. They simply reflect a new, negotiated terrain in which to do business… cautiously.
Pew Research Center confirms that 69% of Americans use webmail, store data online or us online productivity software such as SharePoint and Hosted Exchange.
Why? Because they love the convenience and real-time access, anytime, anywhere. It's also generally cheaper, faster and simpler to use.
"However, their message to providers of such services is: Let's keep the data between us," said Pew Research.
At this point in the blog post, it’s also now perhaps worth pointing out that many of the hacks (50 breaches containing at least four million records) mentioned in the first paragraph, took place after laptops and flash drives went missing; not because of a cloud computing breach.
Further, the same hacking attacks that took place at Sony and Dropbox, have happened numerous times at bigger offline institutions that were not in the cloud.
In 1999, The Telegraph reported that Jonathan James broke into military computers at the Defense Threat Reduction Agency and intercepted thousands of confidential messages, login information, and $1.7 million worth of software that controlled the living environment on the International Space Station. The breach led NASA to shutdown their network for three weeks, costing thousands of dollars in security upgrades.
There is thus a natural tendency to demand tougher security restrictions for cloud servers than one would ask of traditional on-premise arrangements. This is probably not fair, but understandable, considering the media hype around cloud computing.
For this reason modern hosting providers are reaching high to gain the trust of enterprises and SMBs contemplating the cloud.
Take a look at how Virtual Internet secures your data and digital assets in the cloud
Data Privacy & Independent Audits
Custom SLAs designed by you
All our service level agreements (SLA) are customized to your specific business, technical and strategic requirements. This includes covering areas such as security, privacy and server stability. We will work with you to ensure these three areas match and exceed your present on-premise data center configurations.
PCI DSS Compliance
If you store customer credit card information, then as of June 2008 you will be required to be PCI DSS compliant. Virtual Internet can help you implement firewalls and conduct a security audit to ensure servers and firewalls are patched and up to date.
24/7 Security monitoring
The following is built into the Security DNA of our cloud facilities:
• Multi-layer security control procedures.
• Biometric palm scans, electronic photo id badges and PIN access are required to gain access to the facility.
• One-in-one-out entry policy.
• 24 x 7 closed-circuit video (VI operate independent cameras)
• 24 x 7 alarmed door monitoring.
• Secure cabinet access (key and combination locks).
• 24 x 7 monitored & manned site with security staff.
Uninterpretable power supply
We also offer uninterruptible redundant AC and DC power solutions that are flexible and upgradeable.
• 100% power supply availability record for the previous 5 years.
• All power requirements of installations planned and managed by senior VI support staff.
• VI proactively completes a monthly physical power audit to highlight potential power loading issues.
Achieving Industry Security Certifications
In January 2011, Virtual Internet achieved both ISO 9001 & 27001 certifications. Along with quality management the certifications reflect a commitment to state-of-the-art data protection and enhanced benchmarking.
We have sophisticated data recovery mechanisms in place that include geographical disaster recover, server snapshots and managed off-site backups. We even offer Network Attached Storage (NAS) for larger backup scenarios. We take your mission-critical applications very seriously.
Experience on both sides of the Atlantic
We recently launched cloud servers in Utah, United States. We are thus in the unique position of being able to geographically spread data across two continents as part of our broad backup, redundancy and security measures. It also makes us attractive to clients on either side of the Atlantic and reflects our technical versatility.
The VI customer support team is comprised of VCP qualified engineers and VSP qualified staff to handle all requests relating to the new Pay-As-You-Go servers. These include VMware and Xen OnApp servers.
The cornerstone of the VItal support promise is constant 24/7 support, 365 days per year. Virtual Internet even remains open for support calls during the busy holiday period.
Uptime web cam
Okay, not quite a web cam, more a dashboard. It shows you exactly how our servers are performing including any scheduled maintenance. If there ever was a breach in our systems, you would be able to check the network status and latest advisories. This in addition to server monitoring on your existing servers mentioned further above.
To help customers understand some of the finer details of cloud computing, including security challenges, VI has released a number of white papers which break down their SLAs, cloud configurations (Private, Public, and Hybrid), and other details which may help plan your migration to the cloud…safely.
Presence at major cloud computing conferences
To remain a leader in our field, you will find us at every major cloud computing conference. In fact, we are often called upon to deliver papers on the configuration of our cloud servers and how far we go to meet security compliance. We own a 10,000-foot data center in London, which is considered one of the most technologically advanced in the UK and Europe.
Content Delivery Networks
Our CDN networks are designed to offer extra layers of security, as well as speed. Special algorithms and switching mechanisms allow VI to rapidly distribute high-bandwidth content, including video, to just about any worldwide location in seconds. This is just another example of how sophisticated our data centers have become.