In the past several years, cloud adoption has grown rapidly. The latest studies reveal that cloud adoption in the UK now stands at 84 per cent with companies using at least one cloud service.

As investments in the cloud increase, so do concerns regarding security and the risks associated with storing sensitive information on cloud platforms.ย So what security essentials should a company consider when storing data in the cloud?

Cloud security starts with the same three ‘pillars’ as internal network security: confidentiality, integrity and availability. Yet, businesses need to recognise that the cloud stretches these three pillars in new ways. For example, there is a greater attack surface whatever the delivery model.

[easy-tweet tweet=”Private #cloud is the most secure, it doesnโ€™t compromise company policy but itโ€™s expensive to do right.” hashtags=”business”]

Private cloud is the most secure, it doesnโ€™t compromise company policy but itโ€™s expensive to do right. Community cloud involves shared infrastructure with unified security, compliance and jurisdiction requirements, although it can be restrictive. Public cloud is flexible from an adoption perspective, but you have to accept the policies of the service provider. Finally, hybrid cloud combines all these aspects, although success depends on the eventual service choice (x-as-a-service).

Once you have identified the architecture that fits your requirements, there are further questions to ask. Are you able to answer the following with confidence?

  • What are the controls on privileged administrators and how are they supervised?
  • Where is data held? How is it held (encrypted/resilient/high availability)?
  • Will legal obligations to protect company data be impacted if the provider has a distributed architecture (i.e. multiple data centres across different countries)?
  • What about backup and archiving?
  • What is the providerโ€™s viability? Any probability of company failure or acquisition?
  • Does the cloud solution integrate with the companyโ€™s IT infrastructure?
  • Will the workforce be affected by how they access data?
  • Certifications – who audits them and how frequently?
  • Does the provider have disruption provisions against attacks, business continuity or disaster recovery?

One point businesses must be aware of – data security remains their responsibility. It is not transferred to the provider. No single security method will solve every data-related problem, so multiple layers of defence are critical, from access control, system protection and personnel security, to information integrity, network protection and cloud security management.

As well as hackers targeting a specific cloud service or corporation, companies must also take into consideration the risks posed by employees. A research released by Experian showed that 60 per cent of security incidents were caused by the employees; this risk is exaggerated further by staff working remotely or the use of personal mobile devices to access sensitive materials outside of the company network. Consequently, organisations need to implement a strong security and awareness strategy that includes acceptable usage policies for the employees, enabling them not only to improve their cyber security behaviour, but to become true custodians of the companyโ€™s sensitive data, cloud or no cloud.

[easy-tweet tweet=”it is critical to make sure that #cloud infrastructure and disparate applications are integrated” hashtags=”business”]

Finally, it is critical to make sure that cloud infrastructure and disparate applications are integrated, yet independent from each other so that the impact of any compromise or breach can be contained. This is a crucial step to securing the cloud across a business.

+ posts

Gubi Singh, Chief Operating Officer, Redscan

Gubiโ€™s primary responsibilities at Redscan include strategy, business development and client management . He brings a vast level of business knowledge from over 10 yearsโ€™ experience within the IT services and technology industry, and prior to Redscan played a key role in a number of early stage FinTech start-ups. Gubi started his career at BT where he was responsible for driving sales growth within the capital markets sector. He has a degree in Computer Science and a Masters in e-Business Strategy and Systems.

Unlocking Cloud Secrets and How to Stay Ahead in Tech with James Moore

Newsletter

Related articles

How AI is Transforming Customer Communication Management

Business communication has evolved over the years. Today, it's...

Investment Opportunities for Startups and Technologies in AIย 

Although artificial intelligence developed from niche technology has become...

Four Surprising Lessons I’ve Learned Leading Tech Teams

Techies. Geeks. Boffins. Whatever your organisation calls its IT...

A Business Continuity Cheat Sheet

Right, let's be honest. When you hear "business continuity,"...

Challenges of Cloud & Ultima’s Solution to Transform Business

With the way that AWS and Microsoft dominate technology...