Even if you are reading this post because you have no idea what the cloud is, you might be using it more often than you realize. Twitter, LinkedIn, Dropbox, Google Drive, and Microsoft Office 365 are some of the most well-known cloud apps.
Let’s start with a definition of the cloud to get a grip on things:
Cloud computing, often referred to as simply “the cloud,” is the delivery of on-demand computing resources—everything from applications to data centers—over the Internet.Cloud resources are often split up in three different ways:
- Public: cloud services are delivered over the Internet and sold on demand, which provides customers with a great amount of flexibility. You only pay for what you need.
- Private: cloud services are delivered over the business network from the owner's data center. You have control over the hardware, as well as the management and related costs.
- Hybrid: a mix of the above. Businesses can choose to have control over the most sensitive data or their average user and use public services to cover the rest of their needs.
Perceptions of the cloudThere are a few expressions about saving your data in the cloud that are not completely true, but will give you an idea of people’s perception of the cloud and what risks might be involved.
- Your data is on someone else’s computer.
- Your data is in a huge server farm.
- You can’t be sure where your data is right now.
So what we really want to know is: Who actually has access to our data? This is not only relevant with regards to cybercriminals that can gain access through breaches. The Patriot Act gives the US government a lot of freedom to access and investigate data that is stored in cloud infrastructures. And of course, the cloud provider who stores that data can see it. Depending on the provider, they can even advertise to you based on your data, as is the case with most social media platforms.
And in case of a breach? Is your data stored and sent encrypted? What if someone manages to intercept the traffic? These questions may not all be relevant in your case, but they are worth thinking about.
Pros and consAs with all technology, there are pros and cons to using the cloud. Here are a few:
- scalable and flexible, so you can quickly react to ups and downs
- cost effective—you pay for what you use
- off-site backup, so no need to worry about losing it all in a fire or other catastrophe
- access to data in any location
- less direct control
- potential for privacy and security violations (breaches)
- different security measures from what you may be used to
- access dependent on access to the Internet, which means services outages could lock you out of your data
Choosing the right cloud serviceFirst and foremost, when looking for a cloud service provider, you should consider one that not only suits your data storage needs, but also is a reliable partner. Look at their track record and ask for references. With public cloud solutions, you need to consider the possibilities of traffic being intercepted, maybe even being altered, and data being stolen. And always look for providers that offer encryption and multi-factor authentication.
Because running cloud applications requires more attention then straightforward data storage, it’s helpful to distinguish Infrastructure-as-a-Service (IaaS) from Platform-as-a-Service (PaaS) when you are talking about cloud security.
- IaaS is when your systems are running on virtual servers in the cloud.
- PaaS is when your applications are running on cloud environments.
For a PaaS environment, application hardening will be different as it may require a web-application firewall. As the applications are not running from the systems within your intranet, they will very likely be using different Internet connections to send and receive traffic. This is something to determine with the cloud service provider. Who takes care of what?
One other thing to consider when choosing your cloud service provider is the physical location of your data. It is your responsibility to make sure you remain compliant with laws and industry regulations. This can also be an important consideration when you are about to decide which data you will move to the cloud and which should be kept in-house.