Home > Resources > Blog
Date posted: 21st October 2015
Are you thinking of cloud migration, but have your doubts whether cloud security is adequate? You are not alone.
Some small and mid-market businesses are hesitant to full embrace cloud migration, fearing that their business sensitive data might get breached when stored in the public cloud. But is the risk really that high or can it be managed?
As statistics show, more than half of all enterprises and third of small and medium-sized firms have security concerns when thinking of transferring their IT operations to the public cloud. In fact, this tops the list of security worries, ahead of concerns like the location of their data and the possible difficulties they might face when trying to access information on-demand.
No cyber security is perfect and this applies to the public cloud too. But for some companies with smaller budgets and limited resources a public cloud solution might actually lead to improvement in security, as the provider (i.e Amazon Web Services) might have more resources dedicated to protecting the system and managing possible security breaches quickly and effectively.
Also, hackers are utilizing the exact same strategies when trying to breach cloud and on-site hardware. So even if the public cloud servers of the provider present a more tempting target containing the data of dozens or even hundreds of firms, this doesn’t change the types of threats it is up against. So to answer our question − yes, choosing cloud brings with it some risks, but those can be mitigated if resources are managed properly.
Specifying, the safety measures in the contract (so-called Service Level Agreements or SLA for short) with the provider is one of the areas to look out for. If your company adopted a high security standard, uses a reliable software solution and applies other effective protection strategies like two-factor verification or data encryption − all this can be retained when opting for the cloud.
You also have other options like running a cloud managed security audit or penetration test to make sure that all of the security conditions you requested from your cloud provider are adhered to. If not, contract penalties can be imposed. But most of the above-mentioned measures are only reactionary to the breaches, which might have happened already.
Questions to consider when migrating to the public cloud
Is your company or its core sector subject to regulation?
Many industries like healthcare (HIPAA) or finance (SOX/PCI) have strict rules when it comes to data transfers and storage, with many organizations having in place restrictions for storage outside the United States. Your Cloud Managed Services provider or IT department should ensure your data is stored within the United States.
Do you know the value of all your assets?
As a minimum, run a data inventory on critical pieces of information you intend to store in the cloud – for example accounting or customers’ private information. Now imagine you will lose access to them for several hours or days. Is your company able to manage such a situation or is a higher level of security needed? If so, data may potentially need to remain in-house.
How is your data protected in transit between the public cloud and company devices?
Encrypting all your data on the cloud and on its way to it – irrespective of whether it is from a desktop, laptop, mobile phone or tablet (including BYOD) – is important for keeping your information secure.
How is your data protected in storage?
If you want to avoid unauthorized users going through your files and sensitive information, you need to check who can access both the cloud specific data that it stored there. Also, when multiple employees are editing a file, you need to provide audit control on who is making changes.
What if a public cloud provider breach were to occur?
Is your firm able to absorb the damages done to your brand? Don’t get this wrong, it’s not about financial liabilities, which are most probably part of the SLA. But if data is lost or stolen, your brand reputation with customers may be irrevocably destroyed.
Learn more about Netfast Cloud Managed Security Services
October is National Cyber Security Awareness Month
Netfast is an Amazon Web Services Partner | Leader in Enterprise Class Public Cloud Security