Cloud computing is fast becoming the norm for both businesses and homes across the country. For many people, it’s already the norm. However the question of security will always be important, particularly with the digital landscape changing as fast as it does, and businesses ultimately want to know - is cloud hosting secure?
It’s easy for us to say yes, cloud hosting is secure, but it will of course depend on where your data is hosted. What security measures is your hosting provider taking? Do they meet your specific business requirements?
The first question you should be asking of your cloud provider is - can I have a tour of the data centre. Any reputable provider should be willing and able to do this for you. Some, like us, will own their own data centre, others will be acting as resellers and using somebody else's data centre - but either way, it shouldn’t be a problem for tours to be arranged.
So what should you be looking for?
Firstly, physical security. Data centres are some of the most secure buildings on the planet. It should be very difficult to get into them. Look out for perimeter fencing, security gates, mantrap doors, CCTV, biometric access controls, virtual tripwires… did you need to contact them in advance of your visit, or could you just turn up? Are all visitors background checked before they arrive? How easy would it be for a complete stranger to arrive and get as far as the servers? The answer to this question should be - impossible.
Is the data centre ISO accredited? This international standard specifies the requirements that a data centre must uphold, helping you to implement the relevant organisational and technological security measures required by both the GDPR and the NIS Directive. At our data centre, Delta House in Manchester, we have an on-site security control centre which is accredited to Category 2 and NSI Gold Approved to BS5979 standards. If you need to attain a specific standard of security for your industry’s auditing purposes, make sure that your cloud data centre adheres to what you need.
Think as well about how your cloud infrastructure will be set up and managed. A public cloud set up, the equivalent of a shared server, can be a cheaper option, as the resource and therefore the cost, is shared. However this type of solution might not be secure enough for certain industries such as finance and legal, for which a private cloud solution would be better placed. With a private cloud solution, you wouldn’t share your infrastructure with any other accounts or businesses and your resource sits behind your own firewall. Firewalls identify who is requesting access to the network and whether or not they are authorised to access it. They create logs which enable cybersecurity teams to monitor network activity for signs of suspicious activity, including DDoS attacks, and if necessary adjust the rules to preserve confidentiality by blocking that traffic. Private cloud hosting will cost you more, but offers greater levels of security and control.
From the perspective of physical security of the equipment and infrastructure security, cloud hosting is absolutely more secure than traditional servers, but if you don't have your cloud systems set up properly, it won't matter how strong the provider's security is, your data will still be at risk, and if you don’t choose the right data centre for your particular needs, you could still come unstuck.