Why it is vital to talk about security with your cloud provider
Cyber security is currently centre stage – no matter where you turn, it is all over the news.
Just this last month we’ve certainly heard a plethora of stories about companies that have been affected by breaches and hacks. A UK telecoms provider experienced a detrimental cyber security attack where customers’ personal data was breached, and in a separate incident at the end of October, three e-tailers all encountered website disruption, with one of the e-tailers confirming this was due to a Bitcoin-based DDoS attack.
With the UK government also doubling funds to support cyber security programmes with plans to fend off more sinister threats, many businesses are realising the very real need to protect the sensitive and confidential data that they hold.
Therefore, focusing on cloud security within your company is not only justified but more important than ever. However, it can be difficult to determine the practical steps that cloud managers, CIOs and architects need to take to ensure cloud security for their enterprises.
Deploying workloads in the cloud does not necessarily present more security risks than deploying in the traditional on-premise data centre - as long as your company has the right security controls in place and you ask the right questions of your cloud services provider.
A partnership with your cloud services provider that is open and transparent about cloud security combined with ongoing support is the foundation for establishing, monitoring and maintaining cloud security. Many companies are simply not talking to their cloud service provider about security issues, nor are they demanding the data about their cloud resources that would help them monitor and maintain the required levels of cloud security that is so essential in the current climate.
Security discussions with your cloud services provider need to start with ground-level issues, like segregation of data from other customers, user access control and two-factor authentication, security of networks and firewalls, availability and performance SLAs, as well as data sovereignty issues.
The most pressing issue for many customers is also whether they’re covered for cloud-based disaster recovery in addition to their IaaS requirements. It is also important to not overlook the details, as customers and service providers also need to work together on very practical aspects of maintaining cloud security, including matters such as:
- Scanning and reporting on network and server vulnerabilities
- Detection and remediation of virus and malware intrusions
- Encryption of servers and networks - with options for the customer to hold the keys themselves
- Monitoring and reporting on firewall events and login histories
The good news is that there are a lot of advancements in cloud security which can negate cloud risks when matched with cloud service providers like iland, who are willing to work closely with customers to match specific security requirements to cloud infrastructure and services.
There is no doubt that cyber-attacks and security breaches will happen again to businesses in every sector – however they can be prevented, and this starts with the infrastructure implemented, and having an open line of communication with your provider. Organisations can move forward with their cloud initiatives and aspirations without getting held back by the security risks. Now more than ever it is really important to ensure that you have the right cloud security in place.
- » What enterprise IT teams can learn from Google Cloud’s June outage: A guide
- » Why adaptability is critical to meet future data centre demands
- » Putting data security at the heart of digital transformation – from culture to code
- » Why embracing the cloud means preparing for problems you can't control
- » Cloud performance and change management cited in latest DORA DevOps analysis