Cloud security risks


Thanks to the cloud, businesses large and small are taking advantage of cheap, easy-to-access applications to increase their business productivity and reduce the costs associated with purchasing enterprise-grade IT hardware. Virtualization, whilst by no means a new technology, has matured, and is allowing whole internal IT infrastructures of servers, storage and networks to be moved into third-party data centres. All the major IT vendors are building up their cloud offerings alongside a host of small specialist providers, many of whom started out as web hosting firms. The global recession is helping to fuel the drive to the cloud as firms see cloud services as a quick and cheaper way to build out their IT infrastructure. So, for many it’s not a decision of whether to move to the cloud, but what to move to the cloud, when to do it, and what factors need to be considered. As with internal IT systems, one of the biggest factors to consider is security. Here’s a run-down of some of those security risks and what to consider.

Secure systems

Secure systems are fairly obvious, but they are a must. You are putting your trust in a third party to run your applications, store your data and prevent intrusions. That means firewalls, updated OS and application software, network penetration testing and the credentials to prove their competence. The good news is that cloud IT vendors should have greater experience in this than you could ever hope to provide internally as a non-IT vendor. Cloud providers can prove their competence by adhering to rigorous standards such as ISO27001 Information Security Management System, and show their management competence and desire to constantly evolve their internal protocols through ISO9001 Quality Management Standards.

Physical location

The physical location of cloud data centres has an impact on factors such as local legislation, but at a more basic level the thing to consider is whether the premises are secure. Could the data centre be subject to equipment theft or equipment destruction? Back in 2011 Vodafone experienced a major outage in its services due to a break-in and theft of network equipment and servers at its Basingstoke data centre. In this instance, data centres housed within buildings with 24-hour security guards would have the upper hand over those which did not.

Local Legislation

Does local legislation protect the data you store in keeping with the expectations of your customers, clients and partners? By having your cloud services provided within the confines of the EU, a common data protection standard has to be adhered to. This provides greater assurance that you will not become subject to obscure local legislation.

Resilience

How readily can you access your data, and what happens if nature or humans intervene to stop you from accessing it? Having your cloud services distributed over multiple locations is going to help in major outages caused by nature. Recently, in New York, a data centre hub was hit by Hurricane Sandy, knocking out some of its data centres for a number of days due to an explosion at a power sub-station on Manhattan. Could your organisation withstand a couple of days’ downtime when nature decides to destroy major power lines and sub-stations? If not, then the answer is to seek out co-location cloud services that distribute your operations across multiple geographic locations.

Unfortunately, Mother Nature is not the only force affecting cloud services. Denial of Service attacks (DDoS) are constantly occurring, potentially blocking organisations from accessing their own systems. British firm Memset, a cloud service provider, is used to repelling DoS attacks at a rate of 20 per hour. A robust cloud service provider should have the ability to detect and mitigate the effect of such attacks through large bandwidth resources.

Access Controls

How does your potential cloud provider vet and monitor their employees to ensure your data doesn’t walk out the door? Only those who need access to your systems should have access. Background checks should be run on employees to prevent those with criminal records from getting anywhere near your data or systems.
