The concern which, above all others, causes IT heads to think twice about migrating to cloud computing is security. This is understandable: from the hacker’s point of view, the cloud has a silver lining – a rich store of sensitive (and therefore valuable) data.
This is why it is important, if choosing a provider, to make sure the company has a robust approach to handling security matters. If you are not completely reassured after completing your homework, then look elsewhere.
So, what are some of the issues around cloud computing and how are they being overcome by reputable suppliers?
A cloud service provider often uses the same software and infrastructure to serve several customers. The term for this set-up is ‘multi-tenancy’. It has its risks: for example, there have been cases of software bugs passing from one customer to another. You should make a point of discussing the options – which include a personalised, ‘single tenant’ model – with a provider who places a premium on security.
A cloud service provider will typically work with a range of third parties. If you turn to a provider which demonstrates a professional approach you can at least have a degree of confidence that its associates can be relied on to keep your data safe. You should also ensure that the provider can answer some vital questions. Does it own both servers and software (this is not always the case)? What is the level of technical support, should things go wrong? Is there a disaster recovery plan? The provider should specify the same level of protection which you would have in place if you were storing the data yourself.
The customer is unaware of where their data is being held or which country’s laws apply. Before finalising your contract you should find out exactly which jurisdiction and laws would apply to each party involved if certain incidents developed, and also satisfy yourself that the data centres comply with the particular regulatory standards of your business sector.
A provider must, of course, heed the basics: safeguarding data with a web application firewall, taking due care that any third party code it uses passes the same security tests as their own code, and carrying out proactive testing of systems. A high degree of anti-virus protection and a system to prevent malicious code arriving via email are other essentials.
Security must always be integral to a company’s move to cloud computing – and not just an add-on to be considered later.