Getting a grip on your cloud: Security considerations for cloud deployments
By Srinivasan CR, Senior Vice President of Global Product Management & Data Center Services
As shown by disruptive businesses such as Airbnb, cloud computing is changing the face of business as we know it. Organisations of all sizes anywhere can now harness the power of cloud-based tools to innovate and collaborate faster and more seamlessly than ever before. Cloud is becoming the foundation for digital transformation, enabling enterprises to manage the pressure of increasing the pace of their production cycles and boosting collaboration throughout the world.
McKinsey estimates that by 2018, more than half (51 percent) of enterprises will adopt cloud as their primary IT environment – up from just 10 percent in 2015. Indeed, it is often no longer a question of “if”, but rather “which” cloud services enterprises should use.
Security concerns holding businesses back
Despite the benefits of cloud, many enterprises remain unsure whether to take the plunge, or which applications to migrate to the cloud, due to security concerns. When it comes to public cloud in particular, research by the SANS Institute shows that security is the biggest barrier to companies choosing these services, with 58 percent of enterprises worrying about unauthorized access to their network, while 45 percent are afraid of data loss.
The SANS Institute figures also reveal that 40 percent cite unauthorized access to sensitive data by other tenants as the most pressing concern with public cloud deployments. Additionally, 33 percent of business decision makers feel that they don’t currently have enough visibility over their public cloud provider’s operations.
This does not necessarily mean that a private cloud is always more secure than a public cloud. Whether public or private, you need to choose carefully who you work with. Crucially, enterprises should first look into which cloud model best fits their needs. In doing so, the question of public, private or hybrid cloud is in large part determined by the desired level of control and reliability – which in turn impacts on the level of security of their cloud environment too.
So, before opting for a specific cloud model, companies should answer some basic questions: What type of a cloud model ensures regulatory compliance in your industry? What type of security and service assurances can the cloud provider offer? Where does your data reside in the cloud – i.e. in which country? Who can access data and how?
Data sovereignty – do you know where your data lives?
In today’s data-powered economy, enterprises worry about data residency and sovereignty due to regulatory demands. In the public cloud, any of your data could live in any country or geography where that cloud provider has data centers – and in many instances it is against the law for a company to let data or even metadata about customers move across borders in this way.
While a private cloud solution hosted in the local market is part of the solution to ensure data sovereignty and regulatory compliance, enterprises with global operations should choose a private cloud that gives them additional flexibility through a granular data center approach. This enables them to store their data in multiple different geographies, when laws allow them to do so, to ensure that employees in Singapore, for example, are able to access applications and data as quickly and efficiently as possible via a Singapore data center.
DDoS and DD4BC: security threats facing clouds
One of the major benefits of cloud is that it allows enterprises to use a scalable and cost-effective combination of the public Internet and private networks. With this cloud-friendly hybrid networking approach, you are able to dictate which applications can be accessed over the Internet, and which business-critical applications require the additional security and availability offered by a private network.
However, issues arise when enterprises choose to rely on the public Internet alone for all their cloud applications. They risk opening themselves up to attacks such as DDoS and, increasingly, to incidents in which the perpetrators use the threat of DDoS to extort businesses, demanding a ransom paid in Bitcoin (DD4BC). Financial services, media and entertainment, and online gaming businesses have become popular targets for DD4BC, but these attacks are rapidly spreading to other sectors too.
As always-connected cloud-enabled IoT applications grow in popularity, the threat of DDoS and DD4BC is becoming greater. A few months ago, thousands and thousands of webcams with poor access controls were turned into a global botnet army called Mirai to stage the biggest DDoS attack in history. Given the way in which many cloud applications rely on the public Internet, it is crucial that enterprises are able to safeguard and maintain constant control over their various connected assets, and use private networks for business-critical cloud-based applications.
Private cloud – a more secure way forward
All cloud models have their pros and cons, but for enterprises hesitant about security, control and reliability issues, a private cloud solution is the best way to start their cloud journey. Compared with public cloud solutions, private clouds give enterprises a lot more control over all applications, including which employee can access what, complete visibility over where data lives, as well as the liberty to implement controls over the entire cloud estate depending on changing business demands.
To alleviate pressures on the IT department and ensure a smooth transition to the cloud at a pace that best suits the organisation, it is beneficial to choose a fully managed private cloud solution. When combined with an integrated security framework, a fully managed private cloud gives enterprises secure, reliable access to data no matter what, and protects intellectual property by constantly monitoring data entering and leaving the network across all devices.
Amidst the growing threat of cyber-attacks and increasing compliance pressures brought on by new digital rules such as the EU’s General Data Protection Regulation, it might be tempting for enterprises to steer clear of the cloud altogether. However, its benefits, and the benefits of technologies that it enables such as IoT and mobile applications, far outweigh the risks.
So, do take the plunge, but choose your cloud model carefully and work with a partner that can support the migration to the new IT estate. Ultimately, when done right, cloud can pave the way for new ways of working, accelerate innovation and even open the door to new business models – driving digital transformation across the enterprise.