Cloud security and concerns around it have dominated conversations about cloud adoption, with a recent study from Ingram Micro revealing that it’s a top concern for 83% of organisations looking for a cloud solution.
But as the technology available advances, cloud suppliers are frequently turning to the industry’s most sophisticated security packages to protect data, and are able to justify investment in top-level security to protect a wide range of customers.
Of course, not all cloud solutions support the same level of security. So what should organisations be looking out for when exploring all the functions offered by vendors to ensure they get the best level of security?
Here are three things to look out for before committing to that cloud contract.
The first thing to check for is the solution’s ability to share information across departments. This functionality is key to CIOs looking to transform the business by improving customer experience, improving organisational agility and introducing new digital revenue streams.
Corporations run hundreds, and sometimes even thousands of interconnected applications to support their operations. Traditional solutions stored information in many different places, so keeping those systems in sync was a challenging task.
True, multi-tenancy SaaS makes all of this much easier, with human resource, finance and planning data stored in one application. This central design has many benefits, with all systems working from a common framework, so there are no inconsistencies in data. It also eradicates the disconnect between the system and its users, a problem prevalent in many legacy systems.
Consequently, security improves with a single version of the software that is continuously updated, scanned and patched. This is far better than working with multiple packages, and any security-related changes to the system architecture are relayed to all customers simultaneously. If a leading enterprise needs a stringent new security feature, it’s available to an SMB as well.
In the old days, corporations relied on firewalls to protect information, thinking that once the business had warded off outsiders, information was safe. Such thinking is now very outdated, with hackers able to attack systems at different levels. Once in a system, they stay, often working their way from low-level to high-level security clearances and compromising sensitive information.
One way firms can protect themselves is through encryption. Typically, data is encrypted in transit, which is a first rather than last step. Once information enters the data centre, it’s unencrypted and therefore vulnerable. To address this problem, organisations need to encrypt information at rest in a persistent data store.
Unfortunately, cloud services built on legacy architectures rarely support the encryption of all customer data at rest because these systems are complex and difficult to implement.
With modern cloud architectures, a good cloud vendor will take on those responsibilities, especially if privacy and security are embedded into the solution’s system right from the start.
Support for third-party standards
Industry and government groups have designed various compliance frameworks to protect customer information, such as the GDPR coming into force in just a few weeks. However, the specifications are only a starting point.
While assessing a solution, the various compliance standards and security implementations should be thoroughly examined. Is the service simply aligned with the standard or has the service been certified? How is the information stored? What level of encryption is supported? How are updates handled?
All cloud providers claim to have secure systems, but fewer offer the higher levels of protection needed for your valuable data. Carefully examining a vendor’s solution, however good it may seem on the surface, is key to a breach-free, compliant cloud future.