There are lots of benefits to cloud computing, but there are some security factors to think about. Here’s our quick guide.The risks associated with cloud computing can depend on factors such as what data or services you’re running and the public availability of the cloud location. Here are some of the most common risks. Don’t worry, we’re going to help you minimise them all:
This is one of the most common worries when you have your data located outside of your control. The various cloud platforms that can be used to store your data and services can be popular targets for hackers because the platforms themselves are prominently available and in most cases publicly facing. Knowing your data is outside the boundaries and controls of your internal network can make this exposure seem even greater. The best ways to tackle this are a combination of standard good practices and awareness of the attack profile. These recommendations are applicable for cloud computing as well as traditional on-premises computing:
- Strong passwords
- Unique usernames
- Reduced entry points for attack by turning off unused or unneeded technology
- Multifactor authentication where possible
- Access locked to specific IP addresses (not available to everyone on the internet)
- Detailed logging
- Monitoring of services to identify abnormal behaviour
This can be a worry precisely because your data is out of your control, but the reality is that responsible cloud providers will always go to great lengths to protect your data and ensure that it’s backed up and safe. We recommend that you ask your provider what the disaster recovery (DR) procedures are for the cloud service in the event of data loss or platform loss, as well as how backups are stored and secured. Getting full, positive answers to these questions will help you identify who the responsible cloud providers are.
Once you have made the decision to move data or services into a cloud computing platform is how to get it back out if you want or need to. This can represent a security concern because if you are tied into a contract or there is a complex exit process, then your data is stuck in a place you no longer wish it to be. Due diligence before migrating to a provider is important. Ask questions in advance so that you fully understand the conditions and processes required for moving your data out of cloud computing.
Where is the data stored?
It’s really important that you know the answer to this question. You need to know the country of storage for legal reasons. You’ll also want to know where the datacentre is and that it has appropriate physical security. Microsoft, Google and Amazon all operate highly secure facilities, but software vendors who offer cloud solutions may not be using these services for their infrastructure and might instead be using independent datacentres or other computing locations. Finding out where data is located and how it is protected should always be a key consideration.
How is data separated?
It is always a prominent feature in the news when there has been a data breach and personal details have been compromised by hackers and other malicious organisations, but this is not the only way your data could be accessed. If you have a vendor who provides a cloud service for you and others, they will be storing multiple customers’ data. Depending on how they do this, you may wish to know how possible it is for data to cross clients and for it to become accessible by other users of the service or platform. How is it stored and accessed separately from other clients? Getting full, frank and positive answers to these questions will help you make an informed, safe decision.
If you’re concerned about the security of cloud computing, or need advice on how to choose what’s right for you, we’re here to help. Get in touch today.