4 Common Errors in Managing Security In The Cloud
Look up cloud computing on Google and you’ll get more than 323 million results.
That’s no surprise. More than 95% of organizations are using cloud services in some shape or form.
Cloud computing can simplify operations. It removes the burden of owning and maintaining your own data center and infrastructure. Using Infrastructure as a Service (IaaS) can reduce your costs for hardware. Pay-as-you-go services can stop you from paying for excess capacity you might not need without giving up the option to add more whenever you need it.
A public cloud solution allows companies to outsource the maintenance and IT management of the servers. A private cloud gives businesses complete control over their data, especially when sensitive data needs to have higher levels of internet security, information protection, and identity management.
Common Mistakes Companies Make With The Cloud
If you’re looking at data migration or switching to cloud-based solutions, you need to avoid these common mistakes companies make when utilizing the cloud.
1. Not Taking Advantage of The Cloud
If you’re not taking full advantage of all that cloud-based solutions have to offer, you may be putting your company at a strategic disadvantage. Here are just a few of the advantages of doing business in the cloud:
Access to data for remote workers, at-home workers, and your mobile workforce
Increased collaboration with shared storage
True scalability without having to pay for capacity you don’t use
Data migration to the cloud can streamline operations and workflow
Automated software updates and patches
Data security and information protection
Backup, failover, and disaster recovery
Document control and authentication
Ease of management
In addition, cloud computing can reduce an organization’s carbon footprint. Since you utilize only the resources you need, you can avoid over-provisioning and control your energy utilization and waste.
2. Not Managing Bandwidth
If you’re going to do business in the cloud, you must have enough bandwidth to handle peak demands. Sluggish performance can lead to major frustration for team members. You need to size your bandwidth to your business needs and give yourself a pathway to add capacity if needed.
While not every application will need instant access, you will also want to take stock of your workflow and where latency will be an issue.
3. Not Planning For Costs
For small and medium-sized businesses, moving to a public cloud solution can be a significant cost-saver. For larger businesses, a private cloud solution may reduce the total cost of ownership.
Failing to plan for costs, however, can cause problems. As you add capacity, costs go up. Adding additional services or apps can also increase costs.
You also need to be aware of vendor lock-in costs. Many services are platform-dependent. If a service uses proprietary software, applications, or equipment that belong to your cloud provider, it may be very difficult or expensive to move to a new provider or complete data migration. This tends to lock you into one vendor and diminish your ability to take advantage of cost savings that may arise by switching to different providers.
Part of planning for costs includes negotiating Service Level Agreements (SLAs). SLAs dictate roles and responsibilities for managing your relationship with your cloud provider. They dictate what level of service your vendor will provide and the standards they are obligated to meet.
Your SLA should include:
Statement of Objectives
Scope of services
Service provider responsibilities
Penalties for breach
There’s typically a lot of fine print, but the details can be critical. If there’s a service interruption, it can cause problems for your business. You need to carefully examine your SLA for availability and uptime percentages along with remedies if your provider fails to meet their standards.
Likewise, sluggish performance can impact you as well. Benchmarks for performance should be established with periodic reviews.
If there is a problem, you want to have a clearly defined response time the provider is required to meet, along with resolution times. You also want to specify notification procedures for planned IT management or maintenance that may affect your business.
Private cloud providers are more likely to customize their services to your operation and may have more flexibility in how they approach SLAs. Public cloud providers are sharing virtual servers and other hardware with a variety of customers and may have standard SLAs.
You may also be able to negotiate fees based on levels of service and performance in your service level agreements.
4. Not Detailing Security
Anytime you are storing your data, security needs to be one of your top priorities. The risks – and liability – associated with security breaches can be serious.
When you are comparing cloud providers, you want to have a detailed understanding of the security protocols that are in place. This should include regular risk assessments, penetration testing, and breach mitigation.
Here are some of the questions you should ask in evaluating cloud providers:
What specifically do you do to keep my data safe?
This includes physical defense, employee screening, firewalls and other barriers to entry, identity management and password authentication, application firewalls, activity monitoring, and active monitoring for malware and breaches.
Do you encrypt my data?
You will want to be specific here. You want your data to be encrypted when stored on cloud servers. This is called data-at-rest.
You may also want your data-in-transit to be encrypted so that it can’t be intercepted before it hits a remote server. This should include any APIs that access the data.
Ask what type of encryption is used. You should expect military-grade AES 256-bit encryption as a minimum.
How do you control access?
You want assurances that only your business can access your data and that system architecture prevents inadvertent access. This means no mixing of data and clear firewalls between companies if data is stored on shared servers. You also want robust identity management, authentication, and role assignment.
Managing Security In The Cloud
Managing security in the cloud will be a shared responsibility and one that everyone needs to take seriously. Make sure you have a firm understanding of what your provider is responsible for and what your team needs to handle.
Planning for contingencies, managing your bandwidth, planning for costs, and having clearly defined SLAs will help you take full advantage of all the benefits the cloud offers.