Cyber security is currently centre stage; no matter where you turn it is all over the news. Just this last month we’ve certainly heard a plethora of stories about companies that have been affected by breaches and hacks. A UK telecoms provider experienced a detrimental cyber security attack where customers’ personal data was breached, and in a separate incident at the end of October, three retailers all encountered website disruption, with one of the retailers confirming this was due to a Bitcoin-based DDoS attack.
With the UK government also doubling funds to support cyber security programmes with plans to fend off more sinister threats, many businesses are realising the very real need to protect the sensitive and confidential data that they hold.
Therefore, focusing on cloud security within your company is not only justified but more important than ever. However, it can be difficult to determine what the practical steps are that cloud managers, CIOs and architects need to take to ensure cloud security for their enterprises. Deploying workloads in the cloud does not necessarily present more security risks than deploying in the traditional on-premise data centre - as long as your company has the right security controls in place and you ask the right questions of your cloud services provider.
A partnership with your cloud services provider that is open and transparent about cloud security combined with ongoing support is the foundation for establishing, monitoring and maintaining cloud security. Many companies are simply not talking to their cloud service provider about security issues, nor are they demanding the data about their cloud resources that would help them monitor and maintain the required levels of cloud security that is so essential in the current climate.
Security discussions with your cloud services provider need to start with ground-level issues, like segregation of data from other customers, user access control and two-factor authentication, security of networks and firewalls, availability and performance SLAs, as well as data sovereignty issues. The most pressing issue for many customers is also whether they’re covered for cloud-based disaster recovery in addition to their IaaS requirements. It is also important to not overlook the details, as customers and service providers also need to work together on very practical aspects of maintaining cloud security, including matters such as:
- Scanning and reporting on network and server vulnerabilities
- Detection and remediation of virus and malware intrusions
- Encryption of servers and networks - with options for the customer to hold the keys themselves
- Monitoring and reporting on firewall events and login histories
There is no doubt that cyber-attacks and security breaches will happen again to businesses in every sector – however they can be prevented, and this starts with the infrastructure implemented, and having an open line of communication with your provider. Organisations can move forward with their cloud initiatives and aspirations without getting held back by the security risks. Now more than ever it is really important to ensure that you have the right cloud security in place.
By Monica Brink, Director of Product Marketing, iland