There is still a question mark surrounding the security of migrating services to the cloud and whether businesses can trust the cloud in a crisis. We only have to look at the recent news stories to see real examples of lost customer data and privacy breaches which further fuels concerns about IT security and the cloud.
While the benefits that cloud computing brings to businesses have never been in doubt, the advantages of flexibility, agility, and improved costs and capabilities will be overshadowed if a company feels elements of its data security is being compromised.
Particularly when it comes to crisis situations such as those recently reported incidents in the media. How can businesses protect their most valuable IT assets if they are in the cloud, and if the worst case scenario happens how quickly can they recover and keep their company up and running?
The simple solution would be to choose the right cloud offering that provides a service to meet or even exceed the various security, privacy and compliance needs of each company. A straightforward answer, however those individual businesses need to know precisely what to look for when selecting a cloud provider.
The three most important elements of basic protection for any businesses IT assets whether in the cloud or on the premises are physical security, application security and network security. If services are being transferred to the cloud, the physical security and the location of the data centre has to be a key consideration.
Regulations and legal requirements can vary from country to country, which may result in businesses losing control of who has access to their data. This could result in serious consequences in a crisis scenario, so choosing a provider who operates their cloud services under common operational guidelines across multiple jurisdictions, with common security and privacy requirements could help to alleviate these concerns.
In terms of network security, the cloud solution has to offer the same level of protection against the evolving range of potential threats, whether it is the appropriate appliances to provide firewall and intrusion detection capabilities, anti-virus, or security risk assessments on infrastructure and applications.
In the cloud, application security can also be as robust as an on premise solution, offering the required protection for every vital element from network domain connections and user connections to email and data security.
In crisis scenarios businesses usually have comprehensive business continuity management plans and a cloud solution has to play its part in supporting that. The most successful cloud providers will have systems designed to support the application and network to tolerate system or hardware failures with minimal customer impact.
If we take the data centres themselves as an example, an ideal solution would involve duplicated connectivity from dual data centres to the company’s endpoints to ensure that voice and data communications is maintained.
Data centres built in pairs are a crucial aspect within a company’s business continuity plans. In the event of a disruption causing failover to the second (alternate) location that will then become the primary location and the former primary will become the back up until a switch back can safely occur.
In the case of data centre failure, automated processes should be in place to move the company’s traffic away from the affected area and there needs to be sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Cloud providers should have their own plans in place to handle disaster recovery, including coping with worst case scenarios such as a single location being disabled for a period of time. When all services are provided in a geo-redundant configuration, the impact of the loss of location is minimised and the provider can work to restore the damaged location. Incident response teams should also be on hand at all times and offer round the clock coverage to detect incidents and manage the impact and resolution.
Businesses need to able to put their trust in the cloud so they can reap the benefits and improvements that adoption can bring. Probing the vendors’ architecture for failover, switchover time and looking at how they handle planned outages for upgrades and unplanned downtime will reveal how seriously that provider takes security issues.
Any company needs the reassurance that their operations will not be fully compromised in a crisis situation. In this industry there will always be a vast number of potential threats to IT assets and customer data. Finding the most robust and reliable cloud solution can overcome these challenges and ensure any damage to the company’s performance, revenue and reputation is kept to a minimum.