Are you hesitant about adopting cloud computing services into your IT infrastructure? You are not alone. Data security is the leading concern for IT professionals when it comes to cloud computing. Services like Amazon's EC2 are simply not equipped to address the security and privacy needs of data-sensitive organizations. Because public cloud services offer server instances for many clients on the same hardware, your data can get literally “lost in the clouds” when you have very little control over where your data lives.
Private cloud computing allows for the control that most PCI and HIPAA-sensitive organizations require over their data. When it comes to security, the importance of control over your environment cannot be overstated, and it leads most IT professionals to adopt private cloud hosting over the public cloud.
When comparing cloud options, here are 5 security tips to consider:
How can you secure your data if you don’t know where it is? Sure, firewalls and intrusion detection and prevention can keep out most intruders, and data encryption keeps the data safer, but how do you know where your data goes when you terminate your service or when the cloud provider goes out of business? Being able to point to a machine and say your data, and only your data, is on that machine goes a long way toward securing your data in the cloud. Dedicated hardware is the key that allows cloud computing services to pass the most stringent security guidelines.
One of the most overlooked aspects of cloud computing, and one of the easiest ways to increase control over your data, is to make sure that whatever happens, you have a secure backup of that data. This is more about securing your business than your actual data, but it provides the same type of peace of mind. We have seen big companies like T-Mobile lose their customers' data by not having a backup, leaving them with nothing.
By knowing which server and data center your data is being stored at, you can probe them for all applicable security measures that are in place. You can see if they are SSAE 16 or SAS 70 audited, and if they have clients that are HIPAA or PCI certified. Managed services can also add a great deal of benefit and expertise to making your applications, data, and business more resilient. Services like managed firewalls, antivirus, and intrusion detection are offered by reputable data center or cloud providers, and allow for increased security measures for managed servers.
When in doubt, ask your cloud provider for client references that require stringent security measures. Financial, healthcare, insurance, or government organizations are a good start. While references don’t guarantee anything, chances are if other companies that have similar security goals are using the provider, you may be a good fit as well. Be sure to contact these references directly when possible to see what these companies are using the cloud services for, and the steps they have taken to secure their data.
The only way to make sure something is secure is to test it. It is not uncommon for highly data-sensitive organizations to hire a skilled ethical hacker to test their security provisions. Vulnerability scanning and assessments are just as important inside the cloud as they are outside the cloud. Chances are that if you can find a way to get unauthorized access to your data, someone else can as well.
Achieving sufficient security assurances in the cloud is possible, but it is not guaranteed. Just like any other IT project, you have to do your homework, and in the case of security, it is better to be safe than sorry. The private cloud hosting model can certainly provide a more secure framework than the public clouds.