The rapid growth of cloud computing has encouraged security companies to develop solutions that can be delivered in the cloud, but some aspects of security have to be delivered on-site in order for businesses to remain fully protected from threats.
Cloud delivered security is perfect for securing, encrypting and archiving email. The cloud can also be great for filtering internet access in the cloud to prevent employees visiting non-work related sites or downloading unapproved content which would otherwise take up huge amounts of bandwidth and expose corporate networks to increased risks of malware.
Too often, we think of IT security as being email and web filtering. These are important, of course, but there are other – critical – elements of business security that cannot be managed completely in the cloud, such as a properly configured firewall and IDP system.
Remote working is more common place (helped in part by cloud technology and business services), but companies that use remote access often leave themselves wide open to potential security breaches by not using a virtual private network, and using an easy to set up, but far less secure remote desktop service. Setting up a VPN can be difficult, but it’s better to invest in getting one professionally set up, than risk costly damages to your firm as a result of using an insecure service.
The most important thing to remember is that no security system, whether cloud based, or on-site, can fully replace stringent security procedures. Human error is still the number one factor in breaches of IT security, and whilst it will never be completely vanquished, companies can improve their chances by ensuring that strong security policies incorporating good change control and monitoring are in place in addition to cloud and on-site security.
Routing and hardware/software updates are also areas where businesses can come unstuck. Poorly configured routing can leave the network vulnerable to attack and un-patched systems can expose the network to malware threats.
As ever, what is needed when thinking about cloud delivered security versus on-site security, is experience and knowledge. Choosing the right combination can depend on a number of factors but to create a comprehensive security system it must be backed up by strong procedures.