When you decide to migrate some or all of your IT infrastructure to the cloud, it’s vital that you know how to secure your business in the cloud. The cloud is a lucrative target for cybercriminals, holding everything from data and finances to IP and trade secrets. The loss of any such data could easily bring a business to its knees, making data privacy and cloud security perhaps the most important aspect of any business.
If you are planning to run any area of your business in the cloud, you have to evaluate and analyse the risks, and determine how to mitigate them. And it’s important to remember that this responsibility falls not only to your CSP (Cloud Service Provider) or your data centre provider, but also to you.
Things to consider:
- Public cloud vs private cloud options
- Where your data is held
- Your data encryption capabilities
- Privacy controls
- Regulatory compliance (e.g. GDPR)
- The security processes and procedures of your CSP
- The security processes and procedures of the data centre provider
Your Holy Grail here is holistic, end-to-end security that spans from the data centre, to the cloud provider, and from the cloud provider to the enterprise and its end users.
While a private cloud solution will likely offer you more security, many businesses can easily meet compliance requirements with a public cloud infrastructure. In reality, most will have some form of hybrid cloud in place. Whichever option you choose for your business, the considerations remain the same.
- Where exactly is your data?
- Do you know where the data centre is and who owns and manages it?
- Are you happy with the security procedures put in place by the data centre, both physical and digital?
- Who is allowed to access your data? (at your company, at the CSP and at the data centre)
- Are all parties compliant with your industry’s requirements? (GDPR, ISO, NIS, for example)
- Is data encrypted in transit and at rest?
- Are all end-user devices secured via endpoint security?
- Are you using MFA (Multi-Factor Authentication) and MDM (Mobile Device Management)?
- Is there a data retention period for sensitive data?
Ultimately, as the owner of the data, it is your responsibility to make sure that the cloud solution you’re using is fit for purpose at all levels. Do your research and ask the awkward questions. There is some information to help with this in our download, 10 questions you should be asking your cloud provider. And remember that there’s no point relying on the security of your cloud hosting provider if your employees are accessing sensitive files on unsecured devices. The responsibility spans the entire length of your network: end-to-end security from the device, to the cloud, and back again.