The fog around cloud security is beginning to lift. Companies are moving beyond their longstanding concerns and are entrusting their business processes to the cloud. But that doesn’t mean there’s nothing more to worry about.
The truth is, no matter where your data sits, it is your responsibility to keep it safe and available. And your ability to fulfill that duty becomes hazy when you’re relying on cloud service providers to host and secure your data in a public cloud.
Know your provider’s security risks
To protect yourself — and your data — you need to know what security risks you’re exposed to via your cloud service provider, and what your provider is doing to address them. Gartner has outlined many of these in a recent ebook. Take a look at these five ways your data may be at risk:
Data transfer: How is your data being protected during transit? Data should be encrypted whether it’s traversing the network or sitting in a data center. Bad things can happen to good data. Know the threats and how you can avoid them.
Multitenant servers: What is being done to prevent other customers using the same servers and services from accessing your data? Multitenant servers, which are shared by multiple parties, need to be properly compartmentalized and secured.
Provider’s employees: How is your provider safeguarding your data from its own employees? Be sure access control includes two-tiered authentication and authorization, and that you are solely in charge of who has access to what.
Service outages: What measures are in place to recover quickly from a service outage? Hardware failures, malicious attacks and natural disasters can be devastating if contingency plans aren’t in place. Arrange to have backups made at regular intervals. These are also helpful if a provider is acquired or goes out of business.
Physical housing: How secure is your cloud provider’s facility? If a server is stolen, you can say goodbye to your data that is stored on it — while the thief says hello. Make sure the cloud provider has a secured facility — with alarms, patrols, ID badges and video — to keep that from happening.
In the cloud and on the ground
Ultimately, the responsibility for cloud security lies with you. To keep your data safe, you’ve got to partner with your cloud provider to ensure data is accessible at all times and that it isn’t lost, compromised or stolen. For your part, you must safeguard the data while it resides in your domain with solutions that incorporate data, network and identity security.
This blog is part five of an eight-part Data at Risk 2013 series:
· Part One: 30 IT Security Risks Across the Enterprise
· Part Two: Top 5 Risks in Cybersecurity
· Part Three: Social Media Risks for Businesses
· Part Four: Five Ways Good Mobile Employees Do Bad Things