Knowledge, Ideas and News
In our previous article we discussed the basics of Cloud computing and identified several popular apps being used. Without knowing it – many businesses are making use of the Cloud. But few companies have moved all their applications and only utilize IT via cloud services. Most are using a hybrid solution.
A question we are often asked at Tech To U is:
Are Cloud applications secure?
The better questions to ask are:
- What are the implications to our IT security as we adopt the Cloud?
- How secure are the Cloud services or applications we’re considering using?
Security comes down to people, processes and technology. Owners must understand that once you begin using Cloud services, you are exposing corporate data to third parties. You now rely on their people, processes and technology to function in a secure manner. Thus you have now introduced new risks and you lack control to manage those risks directly.
So how do you manage these risks? We have some recommendations:
Analyze the type of data assets your organization owns and hosts internally or externally. Determine the sensitivity of the data assets. What data is so sensitive or proprietary that you absolutely would not want it exposed publicly or could cause harm to your business if it did. These assets are strong candidates to be hosted on internal infrastructure or a higher degree of scrutiny should be applied to select a Cloud provider.
Identify corporate requirements when it comes to security and other key features of the technology such as scalability and backup procedures. Requirements can include compliance with legislation or contractual requirements with customers, partners or vendors. Conduct due diligence to understand security access controls and the provider’s commitment to security (such as certifications). What is their track record around breaches? You can even conduct security audits.
For small and mid-sized business owners, the skillset or capacity may not be available in house to conduct a security review. In these cases, you are advised to consult with IT professionals who have conducted due diligence on services and understand technologies. They can offer a professional opinion on security levels and risks so you understand what you are getting into and/or how to mitigate risks of using those services.
With the help of an IT and/or legal professional, review contracts closely to understand key issues such as:
- What are service level agreements around uptime?
- Do you give up ownership of any data?
- Can the provider alter data?
- What data is encrypted?
- Is the data shared with third parties?
- What rights do you have to limits views and access to your data?
Working with Cloud services can expose you to new liabilities so understand what they are, how you can mitigate them and potentially how you would need to respond to a security breach by a third party provider.
Some owners think once they move to the Cloud, they don’t need IT staff anymore or they no longer need an IT provider to help manage their IT. This is far from true. Because you’ll be among the throngs operating in a hybrid environment (some Cloud and some local technologies) you still need IT oversight on some of your IT infrastructure and applications. You may require assistance to manage and monitor third party services or troubleshoot issues staff have with the services and identify security concerns. There will be new technologies that emerge that are a better fit for your business and may be more secure. If you end up migrating services you will need help. An IT professional can keep you apprised of new options.
So those are some basics. This is not about making your head spin but alerting you of potential issues and helping you understand that Cloud technologies are increasing complexity of IT environments. Embrace Cloud technologies to help you improve your business but being prudent is essential.