Sheila Pancholi | Realbusiness
Cloud computing offers businesses the opportunity to outsource their IT services, reducing both time and cost.
This is highly attractive, as businesses do not need to understand the devices they are using, but do companies really understand the implications of outsourcing their business services to a cloud computing service?
Cloud computing is the next stage in the Internet’s evolution, providing the means through which everything can be delivered as a service, wherever and whenever you need it. Businesses such as Google and Amazon already have most of their IT resources in the cloud so they can eliminate many of the complex constraints, including space, time, power, and cost. Yet, for all its advantages, cloud computing still makes some businesses a little uncomfortable, as it requires them to think about data in a different way, specifically regarding safety and the trustworthiness of third parties handling the information.
Selecting your cloud computing provider
Trusting an outside company with something as important as data can be a difficult step for many businesses. But if you choose your hosting company carefully and undertake a formal due diligence exercise when choosing a supplier, then you will be entering into the contract with the right knowledge and expectations.
The most important thing to remember when you are working with your cloud computing provider is that you own your data and it remains your responsibility to ensure it stays secure. The provider should manage the infrastructure and application availability, but they should not have access to your data without your permission. When selecting a cloud computing provider, do not forget the basics, such as undertaking a formal risk assessment and ensuring that the contractual agreement includes a right-to-audit provision. Also ask your shortlisted suppliers to provide copies of their own security policies and procedures and any independent verification obtained to demonstrate that they have adequate controls in place.
If you are not sure where to start, here is a quick guide to the ins and outs of managing data between you and your provider:
- There should be formal security and confidentiality policies in place requiring the provider to ask for your permission to access your data if support is needed;
- Do not assume support personnel can access your files at will. Remember, you have the right to deny access to your data;
- Ensure upfront that your cloud computing provider will have data logs in place so there is a record of who has accessed your data and when that access took place. It is your responsibility to ensure these logs are reviewed regularly;
- Ensure that you have read and understood the privacy statements in your cloud computing provider contract agreements upfront. These statements should outline how they maintain privacy of your data and what measures can be taken if it is violated;
- Ensure that your provider will not use your data for marketing or promotional activities. You should have the ability to opt in to such marketing communications; and
- Remember, it is your data, and you are ultimately responsible for your clients’ privacy.
Is cloud computing secure?
If done correctly, yes. In fact, cloud computing offers a level of security that an on-site server or a locked file cabinet cannot begin to approach. Because they can operate with large economies of scale, data centres can be surprisingly affordable. But not all data centres are created equal, so it is important to be sure that the one you choose can adequately protect your data. As a minimum, the data centre you choose to house your data should offer the following protection measures:
Physical security is also an important element to consider. Here are the key things you should be aware of:
- Redundant power supplies – Cloud computing data centres have back-up power supplies to run servers in case of power outages;
- Redundant internet connections – Cloud computing data centres have several Internet connections that run simultaneously;
- Redundant hardware – Tier 4 data centres use multiple hard drives and other components, arranged in such a way that if one fails, another can immediately and seamlessly take its place;
- Fire and flood – The data at most data centres is replicated in multiple locations; and
- Theft – Data centre servers are not easily accessible. Only authorised agents have access to them, and their identity is verified using biometric measures like fingerprints and retina scans.
Application security covers the software side of the data centre. It deals with online security issues such as hackers and viruses. Typical application security measures include:
- Anti-virus detection software;
- Data encryption software;
- Administrative controls; and
- Regular security audits.